In this post I’m going to give you the things to be considered in uploading a file securely using php. Sometimes we make small mistakes in these points and waste lot of time identifying the problem. So i hope this tips will reduce the time of your file uploading code.

 

• Always use enctype=”multipart/form-data” attribute in your html form.
• Define the allowed file types to upload and check against the uploaded file.
• Do not allow executable file types such as exe,php,jsp since any one can directly run the file after uploading and cause damage to your application.
• Change the php.ini file and set the value of “upload_max_filesize” according to your maximum file size allowed to upload.
• Provide the write permission to your upload folder.
• Provide the necessary permission to your uploded files using chmod function.