<!-- BEGIN COPY / PASTE -->
    // Example of secure file upload handling in PHP
    $allowedTypes = ['image/jpeg', 'image/png', 'application/pdf'];
    $maxFileSize = 2 * 1024 * 1024; // 2 MB

    if (in_array($_FILES['upload']['type'], $allowedTypes) && $_FILES['upload']['size'] <= $maxFileSize) {
        $safeName = preg_replace("/[^a-zA-Z0-9.]/", "_", basename($_FILES['upload']['name']));
        move_uploaded_file($_FILES['upload']['tmp_name'], "/uploads/" . $safeName);
    } else {
        echo "Invalid file type or size.";
    }
    <!-- END COPY / PASTE -->