}
// The client-supplied type in $_FILES[$keyName]['type'] is attacker-controlled;
// determine the MIME type from the uploaded bytes with finfo instead.
$finfo = new finfo(FILEINFO_MIME_TYPE);
// Allow-list: detected MIME type => extension that will be written to disk.
$validExts = array('jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif');
// Strict search so only an exact MIME string maps to an extension; the
// extension comes from this table, never from the client-supplied filename.
$ext = array_search($finfo->file($_FILES[$keyName]['tmp_name']), $validExts, true);
if (false === $ext) {
    throw new RuntimeException('Invalid file format.');
}
// Name the stored file uniquely.
// $_FILES[$keyName]['name'] is client-supplied and must not be used as a path
// without validation; here the name is derived from the content hash instead,
// so it contains only hex characters and identical uploads collapse to one file.
$fileName = sha1_file($_FILES[$keyName]['tmp_name']);
$location = sprintf('./uploads/%s.%s', $fileName, $ext);
if (!is_dir('./uploads')) {
    // NOTE(review): mkdir() defaults to mode 0777 (masked by umask); if ./uploads
    // is inside the document root, confirm the web server does not execute files
    // served from it.
    mkdir('./uploads');
}
// move_uploaded_file() only accepts a source that PHP itself received as an
// upload, which is why the tmp_name is moved rather than copied.
if (!move_uploaded_file($_FILES[$keyName]['tmp_name'], $location)) {
    throw new RuntimeException('Failed to move uploaded file.');
}
echo 'File is uploaded successfully.';
} catch (RuntimeException $e) {
    // Only the fixed messages thrown above reach the response; no internal
    // detail (paths, hashes) is echoed.
    echo $e->getMessage();
}
}
}
// Entry point: handle the multipart form field named 'upfile2'.
$filehandler = new Filehandler();
$filehandler->upload('upfile2');
?>
</body>
</html>