# How to Use the md5_file Function in PHP to Verify the Legitimacy of File Uploads?

In web development, file upload functionality is a very common requirement. However, to ensure security, developers need to validate uploaded files to prevent the risks posed by malicious uploads. PHP offers multiple file validation methods, and among them, the `md5_file`

- `$filename`: The path of the file for which to compute the hash value
- `$binary` (optional): Whether to return the result in binary form. By default, a hexadecimal string is returned.

When uploading files, attackers may attempt to upload malicious code or tampered files. By calculating the MD5 value of an uploaded file, we can:

- Verify whether the file was altered or corrupted during transmission
- Compare the MD5 value of the uploaded file with the MD5 of a known safe file to determine its legitimacy
- Prevent duplicate uploads of the same file (useful for caching or deduplication)

The verification flow is:

1. After a user uploads a file, PHP stores it in a temporary directory.
2. Use `md5_file` to calculate the MD5 value of the temporary file.
3. Compare the calculated MD5 with a predefined list of legitimate file hash values.
4. If it matches, the file is valid; otherwise, the upload is rejected.

```php
<?php
// Predefined list of legitimate file MD5 values
$allowed_md5_list = [
    'd41d8cd98f00b204e9800998ecf8427e', // Empty file example
    '5d41402abc4b2a76b9719d911017c592', // Example MD5
];

// Check if the file was uploaded successfully and really came from an HTTP POST upload
if (isset($_FILES['upload'])
    && $_FILES['upload']['error'] === UPLOAD_ERR_OK
    && is_uploaded_file($_FILES['upload']['tmp_name'])) {
    $tmp_file = $_FILES['upload']['tmp_name'];

    // Calculate the MD5 value of the uploaded file (md5_file returns false on read failure)
    $file_md5 = md5_file($tmp_file);

    // Check if the MD5 is in the allowed list. The third argument forces strict
    // string comparison, so numeric-looking hex strings are never loosely matched.
    if ($file_md5 !== false && in_array($file_md5, $allowed_md5_list, true)) {
        echo "File upload is valid, MD5 verification passed.";
        // Subsequent operations like saving the file can be performed here
    } else {
        echo "File upload is invalid, MD5 verification failed.";
        // The file can be deleted or an error returned here
    }
} else {
    echo "No uploaded file detected or an upload error occurred.";
}
?>
```

- MD5 has been proven to have collision risks and is not suitable for high-security scenarios such as password storage. However, it is still effective for file integrity verification, especially when comparing against known files.
- To enhance security, it is recommended to combine file type detection (e.g., MIME type), file extension checks, file size limits, and other validation measures.
- For higher security requirements, consider using stronger hashing algorithms such as SHA-256 (`hash_file('sha256', $filename)`).

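
The layered checks recommended above (size limit, extension, content-based MIME type, SHA-256 allowlist), shown as an added example that is not part of the original article. The `validate_file()` function, the `MAX_BYTES` limit and the `ALLOWED_TYPES` map are assumptions for illustration, and the sample files are constructed in the temp directory so the script runs offline.

```php
<?php
declare(strict_types=1);

// Added example; MAX_BYTES, ALLOWED_TYPES and validate_file() are illustrative assumptions.
const MAX_BYTES = 2 * 1024 * 1024;                                    // upload size limit
const ALLOWED_TYPES = ['txt' => 'text/plain', 'png' => 'image/png'];  // extension => MIME

/** Returns [bool $ok, string $detail]: the SHA-256 on success, the reason on failure. */
function validate_file(string $path, string $clientName, array $allowedSha256): array
{
    // Reject missing, empty or oversized files before reading their content.
    $size = is_file($path) ? filesize($path) : false;
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return [false, 'size out of range'];
    }
    // The extension comes from the client-supplied name, so it is only a first filter.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return [false, 'extension not allowed'];
    }
    // Detect the MIME type from the file content, not from $_FILES[...]['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        return [false, 'content type does not match extension'];
    }
    // SHA-256 allowlist lookup with strict string comparison.
    $hash = hash_file('sha256', $path);
    if ($hash === false || !in_array($hash, $allowedSha256, true)) {
        return [false, 'hash not in allowlist'];
    }
    return [true, $hash];
}

// Constructed sample files standing in for $_FILES['upload']['tmp_name'].
$known = tempnam(sys_get_temp_dir(), 'ok_');
file_put_contents($known, "release notes v1\n");
$tampered = tempnam(sys_get_temp_dir(), 'bad_');
file_put_contents($tampered, "release notes v1 (edited)\n");
$allow = [hash_file('sha256', $known)];

$cases = [[$known, 'notes.txt'], [$tampered, 'notes.txt'], [$known, 'notes.php']];
foreach ($cases as [$path, $name]) {
    [$ok, $detail] = validate_file($path, $name, $allow);
    echo $name, ' => ', $ok ? 'accepted' : 'rejected', " ($detail)\n";
}
unlink($known);
unlink($tampered);
```

In an upload handler, pass `$_FILES['upload']['tmp_name']` and `$_FILES['upload']['name']` to the function only after the `UPLOAD_ERR_OK` and `is_uploaded_file()` checks have passed.
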
The md5_file function provides a simple and effective way to validate file uploads in PHP. By calculating the MD5 value of an uploaded file and comparing it against legitimate file hash values, you can effectively block illegal file uploads and secure your website. When combined with other security measures, the safety of the file upload module can be greatly improved.