DEV Community

Discussion on: How to upload files with PHP correctly and securely

BigDan256

Unless PHP 7 or HTML5 changed things, you may need to specify enctype on the form and a MAX_FILE_SIZE hidden input.
Also you can use is_uploaded_file and move_uploaded_file to ensure you only modify the freshly uploaded file.
You can also use UPLOAD_ERROR_OK, as sometimes a file upload only partially completes.
Lastly, I'm not sure how to catch it, but you can fake a JavaScript as a GIF by putting GIF89 as the first bytes and some other tricks to validate as an image. Be careful displaying uploaded content.
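
Added example (not part of the comments or of the original article): the checks listed in the comment above combined into one PHP handler. The field name `upload`, the size limit, the allowed types and the storage directory are assumptions made for illustration.

```php
<?php
// Added example: hypothetical handler for a form posted with
// method="post" enctype="multipart/form-data" and a file field named "upload".

const MAX_BYTES  = 2 * 1024 * 1024;          // assumed limit, enforced server-side
const UPLOAD_DIR = __DIR__ . '/../uploads';  // assumed directory outside the web root
const ALLOWED    = ['image/gif' => 'gif', 'image/png' => 'png', 'image/jpeg' => 'jpg'];

function store_upload(array $file): string
{
    // Reject missing fields, multi-file arrays and failed or partial
    // transfers (UPLOAD_ERR_PARTIAL, UPLOAD_ERR_INI_SIZE, ...).
    if (!isset($file['error'], $file['tmp_name']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or incomplete');
    }
    // Only touch a file PHP itself received in this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // The MAX_FILE_SIZE form input is client-supplied: measure the file on disk.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('Invalid file size');
    }
    // Detect the type from the content, never from $file['type'] or $file['name'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('File type not allowed');
    }
    // Server-chosen random name and extension: nothing from the client
    // reaches the file system path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    // move_uploaded_file() repeats the is_uploaded_file() check before moving.
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store upload');
    }
    return $name;
}

// Usage inside the request script:
// $stored = store_upload($_FILES['upload'] ?? []);
```

A file that starts with a valid GIF header passes the content-type check even if script text follows it, so when serving stored files send a `Content-Type` matching the stored extension together with `X-Content-Type-Options: nosniff`.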

Álvaro González

> Also you can use is_uploaded_file and move_uploaded_file to ensure you only modify the freshly uploaded file.
> You can also use UPLOAD_ERROR_OK, as sometimes a file upload only partially completes.

Exactly! This article made me wonder why they aren't even mentioned when they're the standard way to handle file uploads in PHP.

P.S. Is it possible that the comment form does not even work in Firefox?