How to Validate File Type and Size
File validation ensures that:
Users cannot upload invalid or dangerous files.
The file size does not exceed the limit that was set.
The system stays safe from malicious uploads.
Validation is done before move_uploaded_file().
⚙️ 2. HTML Form for File Upload
<form action="upload.php" method="POST" enctype="multipart/form-data">
    <input type="file" name="uploaded_file" required>
    <button type="submit" name="submit">Upload</button>
</form>
enctype="multipart/form-data" is required.
name="uploaded_file" is the input name that the PHP script reads.
🧩 3. PHP Script for File Validation
<?php
if (isset($_POST['submit'])) {
    // Reject missing or failed uploads before touching the file
    if (!isset($_FILES['uploaded_file']) || $_FILES['uploaded_file']['error'] !== UPLOAD_ERR_OK) {
        die("❌ Error uploading file.");
    }

    $target_dir = "uploads/";
    if (!is_dir($target_dir)) {
        mkdir($target_dir, 0755, true);
    }

    // basename() strips directory components from the client-supplied name
    $file_name = basename($_FILES['uploaded_file']['name']);
    $target_file = $target_dir . time() . "_" . $file_name;
    $file_type = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
    $file_size = $_FILES['uploaded_file']['size'];

    // Allowed file types
    $allowed_types = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'doc', 'docx'];

    // Max file size (5MB)
    $max_size = 5 * 1024 * 1024;

    // Validate file type
    if (!in_array($file_type, $allowed_types, true)) {
        die("❌ Error: Only JPG, PNG, GIF, PDF, DOC allowed.");
    }

    // Validate file size
    if ($file_size > $max_size) {
        die("❌ Error: File too large. Max 5MB allowed.");
    }

    // Move file
    if (move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $target_file)) {
        // Escape the path before output: it contains the user-supplied filename
        $safe_link = htmlspecialchars($target_file, ENT_QUOTES, 'UTF-8');
        echo "✅ File uploaded successfully: <a href='$safe_link' target='_blank'>View File</a>";
    } else {
        echo "❌ Error uploading file.";
    }
}
?>
💡 Explanation:
in_array() checks the file extension.
$_FILES['uploaded_file']['size'] is used to check the size.
time() . "_" . $file_name generates a unique filename.
🔑 4. Additional Security Tips
Check MIME type optionally – mime_content_type() for extra security.
Store files outside web root – avoid direct access.
Rename files – prevent overwriting & execution.
Limit folder permissions – usually 0755.
Avoid uploading scripts – .php, .js in the public folder.
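The tips above combined in one function, as an added example that is not part of the original tutorial: it checks the content-based MIME type against the extension, generates the stored name on the server, and writes to a directory outside the web root. The function name store_upload() and the path /var/app_uploads are assumptions for illustration, and the allow-list is narrowed to images and PDF.

```php
<?php
// Added example (not from the original tutorial). store_upload() and the
// storage path are hypothetical names chosen for illustration.

// Extension => MIME types accepted for that extension.
const ALLOWED = [
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'gif'  => ['image/gif'],
    'pdf'  => ['application/pdf'],
];
const MAX_SIZE = 5 * 1024 * 1024; // 5MB, same limit as the tutorial

function store_upload(array $file, string $storage_dir): string
{
    // A single-file field must carry a scalar error code equal to UPLOAD_ERR_OK.
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or malformed request.');
    }
    // Measure the temp file itself rather than trusting the reported size.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_SIZE) {
        throw new RuntimeException('File is empty or larger than 5MB.');
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('Extension not allowed.');
    }
    // Detect the type from file content; $file['type'] is client-supplied.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !in_array($mime, ALLOWED[$ext], true)) {
        throw new RuntimeException('Content does not match extension.');
    }
    // Server-generated name: no user-controlled characters, no double extension.
    $stored_name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($storage_dir, '/') . '/' . $stored_name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file.');
    }
    chmod($dest, 0640); // readable by the owner and group, no execute bit
    return $stored_name;
}

// Usage in upload.php (the directory outside the web root is a placeholder):
// $name = store_upload($_FILES['uploaded_file'], '/var/app_uploads');
```

Because the files are no longer reachable by URL, serve them through a script that looks up the stored name and sends the file with an explicit Content-Type header.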
✅ 5. Conclusion
File type and size validation is a must-have for secure uploads.
Combine it with authentication & CSRF tokens for more web security.
Best practices: validate type & size, unique filenames, secure directory, avoid scripts.