How does PHP handle file uploads?
Why Interviewers Ask This
This tests whether you can apply PHP knowledge to real-world scenarios. Interviewers are looking for clarity of thought and evidence that you've encountered this in production code.
Answer
File uploads in PHP use an HTML form with enctype="multipart/form-data" and method="POST". The uploaded file data is available in $_FILES["fieldname"] which contains: name (original filename), type (MIME type — do not trust this), tmp_name (temp path on server), error (UPLOAD_ERR_OK if successful), and size (file size in bytes). After validating, move the file with move_uploaded_file($_FILES["file"]["tmp_name"], $destination). Security: validate the actual MIME type using finfo_file(), check file extension against an allowlist, limit file size, use a non-guessable filename, store files outside the webroot if possible, and never trust the client-provided filename or MIME type.
Common Mistake
Candidates often give textbook answers here. Interviewers are more impressed when you relate the concept to a specific problem you solved in a real PHP project.
Previous
What is the difference between include_once and require_once?
Next
What is output buffering in PHP?