File validation inahakikisha:

User hawezi kupakia files zisizo halali au hatari.

Ukubwa wa file hauzidi limit uliowekwa.

System inabaki salama kutokana na malicious uploads.

Validation inafanywa kabla ya move_uploaded_file().

βš™οΈ 2. HTML Form ya File Upload
<form action="upload.php" method="POST" enctype="multipart/form-data">
<input type="file" name="uploaded_file" required>
<button type="submit" name="submit">Upload</button>
</form>


enctype="multipart/form-data" lazima iwe.

name="uploaded_file" ni input tunalotumia PHP.

🧩 3. PHP Script ya File Validation
<?php
if(isset($_POST['submit'])){
$target_dir = "uploads/";

if(!is_dir($target_dir)){
mkdir($target_dir, 0755, true);
}

$file_name = basename($_FILES['uploaded_file']['name']);
$target_file = $target_dir . time() . "_" . $file_name;
$file_type = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
$file_size = $_FILES['uploaded_file']['size'];

// Allowed file types
$allowed_types = ['jpg','jpeg','png','gif','pdf','doc','docx'];

// Max file size (5MB)
$max_size = 5 * 1024 * 1024;

// Validate file type
if(!in_array($file_type, $allowed_types)){
die("❌ Error: Only JPG, PNG, GIF, PDF, DOC allowed.");
}

// Validate file size
if($file_size > $max_size){
die("❌ Error: File too large. Max 5MB allowed.");
}

// Move file
if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $target_file)){
echo "βœ… File uploaded successfully: <a href='$target_file' target='_blank'>View File</a>";
} else {
echo "❌ Error uploading file.";
}
}
?>


πŸ’‘ Maelezo:

in_array() inakagua file extension.

$_FILES['uploaded_file']['size'] inakagua size.

time() . "_" . $file_name inazalisha unique filename.

πŸ”‘ 4. Vidokezo vya Usalama Zaidi

Check MIME type optionally – mime_content_type() kwa extra security.

Store files outside web root – avoid direct access.

Rename files – prevent overwriting & execution.

Limit folder permissions – usually 0755.

Avoid uploading scripts – .php, .js kwenye public folder.

βœ… 5. Hitimisho

File type na size validation ni must-have kwa secure uploads.

Combine na authentication & CSRF tokens kwa web security zaidi.

Best practices: validate type & size, unique filenames, secure directory, avoid scripts.

πŸ”— Tembelea:

πŸ‘‰ https://www.faulink.com/

Kwa mafunzo zaidi ya PHP, file handling, na secure web application development.