How to Restrict File Types and Size in PHP File Uploads?

PHP File Upload: Efficiently Restricting File Types and Size

In PHP, controlling file uploads and ensuring the acceptance of specific file types is crucial. One user recently encountered issues with their existing validation code:

<code class="php">//check file extension and size
$resume= ($_FILES['resume']['name']);
$reference= ($_FILES['reference']['name']);
$ext = strrchr($resume, ".");
$ext1 = strrchr($reference, ".");
if (!(($_FILES["resume"]["type"] == "application/doc")
|| ($_FILES["resume"]["type"] == "application/docx")
|| ($_FILES["resume"]["type"] == "application/pdf" ))
&& (($_FILES["reference"]["type"] == "application/doc")
|| ($_FILES["reference"]["type"] == "application/docx")
|| ($_FILES["reference"]["type"] == "application/pdf"))
&& (($ext == ".pdf") || ($ext == ".doc") || ($ext == ".docx"))
&& (($ext1 == ".pdf") || ($ext1 == ".doc") || ($ext1 == ".docx"))
&&  ($_FILES["resume"]["size"] < 400000) //accept upto 500 kb
&&  ($_FILES["reference"]["size"] < 400000)) {

//stop user
} else {
// allow files to upload
}</code>

According to the user, this code allowed unauthorized file types (e.g., TXT) to pass through and did not enforce the size limit.

Solution: Relying on MIME Types and Proper Size Checks

To address these issues, a more robust approach is recommended:

<code class="php">function allowed_file(){

//Allowed mime-type files
$allowed = array('application/doc', 'application/pdf', 'another/type');

//Validate uploaded file type
if(in_array($_FILES['resume']['type'], $allowed) AND in_array($_FILES['reference']['type'], $allowed)){

//Check file size
if($_FILES["resume"]["size"] < 400000 AND $_FILES["reference"]["size"] < 400000 ){

//File types and size are accepted, proceed with file processing
}
}
}</code>

Explanation:

This improved code utilizes MIME (Multipurpose Internet Mail Extension) types rather than file extensions. MIME types accurately represent file formats and are less prone to manipulation. Additionally, it checks the file size independently for both resume and reference files, ensuring that the limit is enforced.

The above is the detailed content of How to Restrict File Types and Size in PHP File Uploads?. For more information, please follow other related articles on the PHP Chinese website!