How to Only Allow Certain Filetypes on Upload in PHP

How can I only allow certain filetypes on upload in php?

Put the allowed types in an array and use in_array().

$file_type = $_FILES['foreign_character_upload']['type']; //returns the mimetype

$allowed = array("image/jpeg", "image/gif", "application/pdf");
if(!in_array($file_type, $allowed)) {
  $error_message = 'Only jpg, gif, and pdf files are allowed.';
  $error = 'yes';
}

How to set max file upload size and allow only certain file types on PHP upload?

You can check the file size using $_FILES['uploadedfile']["size"]. The client-supplied file type is available in ...["type"].

But for your code you will want to probe the $ext variable against a whitelist (just looking for extensions to forbid might not be a good idea):

if (in_array($ext, array("jpeg","gif","png","txt","html"))) {
    if (move_uploaded_file(...

At this point it might be advisable to consider a readymade helper class/script for all the upload checking. Your code is quite unreadable already.

php file upload, how to restrict file upload type

The below just uses the mime types to validate a file, then checks the size of both. For a list of most mime types see here or google.

function allowed_file(){

//Add the allowed mime-type files to an 'allowed' array 
 $allowed = array('application/doc', 'application/pdf', 'another/type');

//Check uploaded file type is in the above array (therefore valid)  
    if(in_array($_FILES['resume']['type'], $allowed) AND in_array($_FILES['reference']['type'], $allowed)){

   //If filetypes allowed types are found, continue to check filesize:

  if($_FILES["resume"]["size"] < 400000 AND $_FILES["reference"]["size"] < 400000 ){

    //if both files are below given size limit, allow upload
    //Begin filemove here....

    }

    }

}

Limit file format when using input type= file ?

Strictly speaking, the answer is no. A developer cannot prevent a user from uploading files of any type or extension.

But still, the accept attribute of <input type = "file"> can help to provide a filter in the file select dialog box provided by the user's browser/OS. For example,

<!-- (IE 10+, Edge (EdgeHTML), Edge (Chromium), Chrome, Firefox 42+) --> 
<input type="file" accept=".xls,.xlsx" />

PHP: $_FILES - Why should i restrict specific file types?

It is mainly for security reasons. Everything in $_FILES is coming from the user's browser, so if you do not have strict validation on what you accept, malicious users could upload files that are

too large — what if someone uploads a 10 GB image?
have a dangerous file type — what if someone uploads a .php file to your server? Game over.
have an invalid name — what if someone sets the file name to ../../../file.txt? When you save the file, it could end up in a different directory due to the ../.. in the path. This is called a Path Traversal vulnerability.

When processing file uploads, you should validate all three of these against a whitelist. That is, have a list or range of values that you accept, and discard anything that does not fit those critera.

how to restrict user to upload image file only

You can use if else statement to check the file type

if (($_FILES["userfile"]["type"] == "image/gif")
    || ($_FILES["userfile"]["type"] == "image/jpeg")
    || ($_FILES["userfile"]["type"] == "image/jpg")
    || ($_FILES["userfile"]["type"] == "image/png")) {

//upload file
} else {
    //error
}