Skip to content
PHP secure file upload package
Branch: master
Clone or download
Latest commit 1ebe2f0 Feb 16, 2016
Type Name Latest commit message Commit time
Failed to load latest commit information.
examples Add examples uploads folder Feb 15, 2016
resources Add Banner Feb 14, 2016
src Bug fix Release 0.1.2 Feb 15, 2016
.gitattributes Initial 0.1.0 release Feb 14, 2016
.gitignore Initial 0.1.0 release Feb 14, 2016
.travis.yml Bug fix Release 0.1.2 Feb 15, 2016 Initial 0.1.0 release Feb 14, 2016
LICENSE Initial 0.1.0 release Feb 14, 2016 Correct OWASP Text Feb 15, 2016
composer.json Change composer.json keywords Feb 14, 2016
phpdoc.dist.xml Initial 0.1.0 release Feb 14, 2016
phpunit.xml.dist Initial 0.1.0 release Feb 14, 2016

SecureUPload – PHP secure file upload package Build Status

SecureUPload – PHP secure file upload package banner SecureUPload is a PHP composer package to securely upload files. SecureUPload uses best practices for uploading files in PHP, so you can use it without any file upload security headaches. Furthermore, it’s flexible enough that fits to most of different projects structures.

Why SecureUPload?

File upload is a risky part in all web applications. There are multiple ways that an attacker could attack web application by file upload feature. So whenever a web application wants to add this feature, developers needs to write lots of code for make it risk free. But file uploads could be secure, if we don’t trust users provided data (including HTTP headers and files) and check everything carefully. For more information about file upload risks please see: OWASP Unrestricted File Upload

SecureUPload uses best practices steps for making a file upload secure. By using SecureUpload package, developer can focuses on other aspects of project and be sure about file uploads.


  • Single and multiple input file/files upload support
  • Support storing uploaded files in different location. For more info see storage_type SecureUPloadConfig section
  • Support different uploaded files organization
  • Configure accepted upload file types and minimum/maximum file size globally or upload specific
  • Zero dependency for production
  • Different error codes for invalid uploaded files for better error handling


Because SecureUPload has zero dependency, it can be installed as a composer package, or without composer and as a PHP library.

Install as composer package

$ composer install alirdn/secureupload

Install as PHP library

You must download it from project github page. Then unzip it and include src/autoloader.php file in your PHP project. All done!

Basic Usage


use Alirdn\SecureUPload\Config\SecureUPloadConfig;
use Alirdn\SecureUPload\SecureUPload;

// Create SecureUPloadConfig and set Uploaded files folder
$SecureUPloadConfig = new SecureUPloadConfig;
$SecureUPloadConfig->set( 'upload_folder', 'uploads' . DIRECTORY_SEPARATOR );

// Create SecureUPload and give previously created config to it
$SecureUPload = new SecureUPload( $SecureUPloadConfig );

// Upload a file
$Upload = $SecureUPload->uploadFile( 'file' );

// Check uploaded file
if ( $Upload->status ) {
// File has been set in <input type="file" name="file"/>
 if ( $Upload->status == 1 ) {
  echo 'File uploaded successfully. Id: ' . $Upload->id;
  // Save $Upload->id for future uses.
 } else {
  echo 'File didn\'t uploaded. Error code: ' . $Upload->error;
  // Show error
} else {
 // No file is selected in input field



SecureUPload works with PHP 5.3.0 and above. HHVM is also tested and worked as well.

Bugs & feature requests

For submitting bugs or feature requests, use Github repository issues.


  • Add virus scan services API
  • Add save to database feature


SecureUPload is licensed under MIT License. see the LICENSE file for details.



You can’t perform that action at this time.