For the security of the website, uploading of php files is definitely not allowed. If someone enters your backend and uploads a php file, all of your website source code will be saved and become his, and he can directly package it and look at your code. Therefore, you must control the uploaded directory and file type. Generally, only images can be uploaded.
Create a file upload form
It is very useful to allow users to upload files from a form.
Please look at the HTML form below for uploading files: