File uploads are a common feature, but when handled carelessly they can lead to:

Upload ya malicious scripts (PHP, JS, etc.)

Server compromise

Data leaks

Goal: Allow uploads safely by validating type, size and filename, and by storing the files in a secure location.

βš™οΈ 2. HTML Upload Form
<h2>Upload File</h2>
<form action="upload.php" method="POST" enctype="multipart/form-data">
<input type="file" name="uploaded_file" required><br><br>
<button type="submit" name="upload">Upload</button>
</form>


enctype="multipart/form-data" is required for file uploads.

🧩 3. PHP Secure Upload (upload.php)
<?php
if (isset($_POST['upload']) && isset($_FILES['uploaded_file'])) {
    $file = $_FILES['uploaded_file'];

    // Define allowed types (detected MIME type => extension we will store) and max size
    $allowed_types = [
        'image/jpeg'      => 'jpg',
        'image/png'       => 'png',
        'application/pdf' => 'pdf',
    ];
    $max_size = 2 * 1024 * 1024; // 2MB

    // Check for upload errors
    if ($file['error'] !== UPLOAD_ERR_OK) {
        die("❌ File upload error.");
    }

    // Make sure the temp file really came from this HTTP upload
    if (!is_uploaded_file($file['tmp_name'])) {
        die("❌ Invalid upload.");
    }

    // Validate file size
    if ($file['size'] > $max_size) {
        die("❌ File is too large. Max 2MB.");
    }

    // Validate file type from the file's actual content.
    // $file['type'] is sent by the browser and can be set to anything, so it is not checked.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset($allowed_types[$mime])) {
        die("❌ File type not allowed.");
    }

    // Sanitize file name: keep only safe characters, drop the client-supplied
    // extension and force the one that matches the detected type
    $base = pathinfo($file['name'], PATHINFO_FILENAME);
    $base = preg_replace("/[^a-zA-Z0-9_-]/", "_", $base);
    $base = substr($base, 0, 100);
    $filename = $base . "." . $allowed_types[$mime];

    // Save to a directory outside the web root (one level above this script),
    // so uploaded files cannot be requested or executed directly by URL
    $upload_dir = dirname(__DIR__) . "/uploads/";
    if (!is_dir($upload_dir) && !mkdir($upload_dir, 0750, true)) {
        die("❌ Upload directory not available.");
    }
    $destination = $upload_dir . uniqid("", true) . "_" . $filename;

    if (move_uploaded_file($file['tmp_name'], $destination)) {
        chmod($destination, 0640); // readable by the app, never executable
        echo "✅ File uploaded successfully: " . htmlspecialchars($filename, ENT_QUOTES, 'UTF-8');
    } else {
        echo "❌ Failed to move uploaded file.";
    }
}
?>


💡 Notes:

$allowed_types – only allow a whitelist of safe MIME types; the type the browser sends with the upload is under the client's control, so check the file content itself.

$max_size – prevent large file attacks.

preg_replace() – sanitize filename.

uniqid() – avoid overwriting existing files.

Save outside web root if possible, to prevent direct access.

🔑 4. Best Practices

Validate file type & size – prevent malicious uploads.

Sanitize filenames – avoid directory traversal.

Use unique names – prevent overwriting existing files.

Store files outside web root – serve via PHP script if needed.

Check for upload errors – handle $_FILES['uploaded_file']['error'] before touching the file.

Limit permissions – uploaded files should not be executable.
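Storing files outside the web root only helps if the script that serves them back is just as careful. The following download.php is an added example, not code from the original tutorial; it assumes the same layout as upload.php above (files in an uploads/ directory one level above the web root) and the same three allowed MIME types. It rejects anything that is not a bare filename, confirms with realpath() that the resolved path is still inside the upload directory, re-detects the content type from the file itself, and sends the file as an attachment with nosniff so the browser never renders it as HTML.

```php
<?php
// download.php: serve a stored upload from outside the web root.
// Added example; assumes files live in ../uploads/ relative to this script,
// as in upload.php above.

$upload_dir = realpath(dirname(__DIR__) . '/uploads');
if ($upload_dir === false) {
    http_response_code(500);
    exit('Storage not available.');
}

// Accept only a bare filename: no slashes, no NUL bytes, no odd characters.
$requested = $_GET['f'] ?? '';
if ($requested === ''
    || $requested !== basename($requested)
    || !preg_match('/^[a-zA-Z0-9._-]+$/', $requested)) {
    http_response_code(400);
    exit('Bad request.');
}

// Resolve the path and check it is still inside the upload directory.
// This catches "..", symlinks and anything the regex above might let through.
$path = realpath($upload_dir . DIRECTORY_SEPARATOR . $requested);
if ($path === false
    || strpos($path, $upload_dir . DIRECTORY_SEPARATOR) !== 0
    || !is_file($path)) {
    http_response_code(404);
    exit('Not found.');
}

// Same whitelist as upload.php. Detect from content rather than the
// stored extension so a file that slipped through is still not served
// with a dangerous type.
$allowed = ['image/jpeg', 'image/png', 'application/pdf'];
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
if (!in_array($mime, $allowed, true)) {
    http_response_code(403);
    exit('Forbidden.');
}

// Force a download and stop browsers from sniffing a different type.
// $requested is already restricted to safe characters, so it cannot
// inject anything into the header.
header('Content-Type: ' . $mime);
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . $requested . '"');
header('Content-Length: ' . filesize($path));
header('Cache-Control: private, no-store');
readfile($path);
```

Request it as download.php?f=<stored-name>. In a real application the lookup would normally go through a database ID mapped to the stored name rather than exposing the filename, but the path and type checks stay the same.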

✅ 5. Conclusion

Secure file upload is essential for protecting server integrity.

Combine the type check, size check, filename sanitization, unique naming and secure storage.

Can be extended with virus scanning and file content validation for extra security.
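One form of file content validation is to decode an uploaded image and write out a freshly encoded copy, so that only real pixel data reaches storage and anything appended to or hidden inside the original file is dropped. The helper below is an added example rather than part of the tutorial's upload.php; it assumes the GD extension is available and that the detected MIME type is one of the two image types from the whitelist above.

```php
<?php
// Added example: validate image content by decoding and re-encoding with GD.
// Not part of the original upload.php; requires the gd extension.

/**
 * Decode the image at $src and write a freshly encoded copy to $dest.
 * Returns true on success. A file that does not decode as the claimed
 * JPEG/PNG is rejected, and re-encoding discards non-pixel data
 * (metadata, comments, trailing bytes) carried in the original.
 */
function reencode_image(string $src, string $dest, string $mime): bool
{
    // Cheap header check first; getimagesize() returns false for non-images
    // and its own MIME detection must agree with what finfo reported.
    $info = @getimagesize($src);
    if ($info === false || $info['mime'] !== $mime) {
        return false;
    }

    // Cap dimensions so a tiny file declaring a huge canvas cannot
    // exhaust memory when decoded (decompression bomb).
    if ($info[0] > 8000 || $info[1] > 8000) {
        return false;
    }

    $img = @imagecreatefromstring(file_get_contents($src));
    if ($img === false) {
        return false;
    }

    switch ($mime) {
        case 'image/jpeg':
            $ok = imagejpeg($img, $dest, 90);
            break;
        case 'image/png':
            imagesavealpha($img, true);
            $ok = imagepng($img, $dest, 6);
            break;
        default:
            $ok = false;
    }
    imagedestroy($img);
    return $ok;
}

// Usage inside upload.php, after the MIME check, in place of move_uploaded_file()
// for image types (PDFs still go through move_uploaded_file()):
//
// if (strpos($mime, 'image/') === 0) {
//     if (!reencode_image($file['tmp_name'], $destination, $mime)) {
//         die("❌ Image failed content validation.");
//     }
//     chmod($destination, 0640);
// }
```

Re-encoding is lossy for JPEG and changes the byte layout of PNG, which is acceptable for avatars and similar uploads but not where the exact original must be preserved; in that case keep the decode step as a pure validation and store the original only if it decodes cleanly.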

🔗 Visit:

👉 https://www.faulink.com/

For more tutorials on PHP, secure file handling and web security best practices.