Accepting user uploads to our site requires both validation and security: validation to check that the file is correct (the right size and format) and security to ensure that nothing nefarious is being uploaded. So far I’ve made a form and a basic PHP page that transfers the file; what we want now is to make that transfer conditional on the file passing several tests.
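One way to make the transfer conditional on such tests, as an added example that is not the article's own code. The field name `userfile`, the `uploads` directory, the 2 MB limit and the list of allowed image types are assumptions, and the fileinfo extension is assumed to be enabled.

```php
<?php
// Added example: assumed field name, directory, size limit and type list.
const MAX_BYTES  = 2 * 1024 * 1024;
const UPLOAD_DIR = __DIR__ . '/uploads';
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Returns [true, extension] when every test passes, otherwise [false, reason].
function validate_upload(array $file): array
{
    // A nested error array means several files were sent under one field name.
    if (!isset($file['error']) || is_array($file['error'])) {
        return [false, 'Malformed upload'];
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return [false, 'Upload failed with error code ' . $file['error']];
    }
    // Size as measured by PHP on the server, not a value supplied by the form.
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        return [false, 'File is empty or larger than the limit'];
    }
    // Confirm the temporary path really came from this request's upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        return [false, 'Not an uploaded file'];
    }
    // Detect the format from the file's content; $file['type'] and the
    // original filename are both sent by the browser and cannot be trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED)) {
        return [false, 'File type is not allowed'];
    }
    return [true, ALLOWED[$mime]];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['userfile'])) {
    [$ok, $detail] = validate_upload($_FILES['userfile']);
    if (!$ok) {
        http_response_code(400);
        exit(htmlspecialchars($detail));
    }
    // Store under a server-generated name so the client-supplied filename
    // never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $detail;
    if (!move_uploaded_file($_FILES['userfile']['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        http_response_code(500);
        exit('Could not store the file');
    }
    echo 'Stored as ' . htmlspecialchars($name);
}
```

The upload directory should be one the web server will not execute scripts from, so that a file which slips past the type check is still only served as data.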

Turning back to the PHP for transferring the file, we’ll add two lines. These additions will not prevent the file from being uploaded, but they will give us a hint as to what we should inspect to decide whether the upload should go ahead:

In order to upload files from a web page, we must create a means of allowing the user to locate the file they wish to provide us with. As I mentioned in an earlier article, there are two methods of doing so: the HTML5 drag-and-drop method (useful for images and multiple files) and the traditional (and more broadly supported) HTML “browse for file” option. In this entry, we’ll concentrate on the latter.

First, we need a form to take the file, along with any other information the user provides us with. The action of the form specifies how and where that information is processed. As we expect the user to include more than simple text data, we must enhance the form tag with an enctype attribute: