PHP — P80: Final Upload Checks

Dino Cajic
3 min readOct 24, 2022
Dino Cajic on PHP Upload Checks

There are a few more checks that we need to accomplish to solidify our form submission. You can never be too careful especially when allowing others to upload files to your server. I recommend using a tried and tested PHP package, but we’re learning how stuff works here so we’ll do a few more tests ourselves.

View this article and others on my website.


We have a basic HTML form and a simple process script.

In our file upload script above, the first check that occurs is the file extension check. After it passes, the next check is the file size check. If that passes too, the file is moved from its temporary location to its final location.

Checking the File Name

Imagine that a potential hacker looks at your website and tries to upload an image with the same name as another image on your site. If you’re not checking whether that filename already exists, they could theoretically replace all of your images with whatever they like.

It doesn’t even need to be that nefarious. It could be purely accidental. We still don’t want our images replaced.

$file_name   = $_FILES["file_name"]["name"];
$target_file = "uploads/" . $file_name;

Dino Cajic

Author of An Illustrative Introduction to Algorithms. IT Leader with a B.S. in Computer Science, a minor in Biology, and a passion for learning.