}
// DO NOT TRUST $_FILES['upfile']['mime'] VALUE !!
// Check MIME Type by yourself.
$finfo = new finfo(FILEINFO_MIME_TYPE);
$validExts = array('jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif');
$ext = array_search($finfo->file($_FILES[$keyName]['tmp_name']), $validExts, true);
if (false === $ext) {
throw new RuntimeException('Invalid file format.');
}
// You should name it uniquely.
// DO NOT USE $_FILES['upfile']['name'] WITHOUT ANY VALIDATION !!
// On this example, obtain safe unique name from its binary data.
$fileName = sha1_file($_FILES[$keyName]['tmp_name']);
$location = sprintf('./uploads/%s.%s', $fileName, $ext);
if (!is_dir('./uploads')) {
mkdir('./uploads');
}
if (!move_uploaded_file($_FILES[$keyName]['tmp_name'], $location)) {
throw new RuntimeException('Failed to move uploaded file.');
}
echo 'File is uploaded successfully.';
} catch (RuntimeException $e) {
echo $e->getMessage();
}
}
}
$filehandler = new Filehandler();
$filehandler->upload('upfile2');
?>
</body>
</html>
