In PHP, what is the $_FILES superglobal array and what information does it contain for each uploaded file?

Introduction / Context:
When users upload files through HTML forms, PHP provides structured information about those files in a special superglobal array called $_FILES. Understanding how $_FILES is organised and what fields it contains is essential for handling uploads correctly, including validating file types, checking sizes, and moving files to permanent locations. Interview questions about $_FILES test whether developers know how file uploads are represented in PHP.

Given Data / Assumptions:

• The HTML form uses method POST and enctype multipart/form-data with one or more file input fields.
• PHP receives the uploaded files and writes them temporarily to a server directory.
• For each file input field, PHP populates entries in the $_FILES array.
• The question asks what $_FILES represents and what information it holds.

Concept / Approach:
$_FILES is a superglobal associative array, similar to $_GET and $_POST, but dedicated to file uploads. For each file input field name, $_FILES contains a nested associative array with keys such as name, type, tmp_name, error, and size. These elements describe the original filename as provided by the browser, the MIME type as reported by the client, the temporary location on the server where PHP stored the uploaded file, any error code associated with the upload, and the file size in bytes. For multiple file uploads, these entries may themselves be arrays indexed by file position.

Step-by-Step Solution:
Step 1: Suppose you have an HTML input field <input type="file" name="photo">. After the user uploads a file and submits the form, PHP fills $_FILES["photo"] with information about that file. Step 2: $_FILES["photo"]["name"] holds the original filename as reported by the browser, for example picture.jpg. Step 3: $_FILES["photo"]["type"] holds the MIME type string sent by the browser, such as image/jpeg, although this should not be fully trusted for security decisions. Step 4: $_FILES["photo"]["tmp_name"] contains the path to the temporary file on the server where PHP stored the uploaded content, which is used with move_uploaded_file() to move the file to a permanent directory. Step 5: $_FILES["photo"]["error"] contains an integer error code indicating whether the upload succeeded or what kind of error occurred, such as file too large or partial upload. Step 6: $_FILES["photo"]["size"] contains the size of the uploaded file in bytes, which can be compared against application limits. For multiple files, these keys may each be arrays instead of simple values.

Verification / Alternative check:
You can confirm these details by printing $_FILES with var_export() in a test script after uploading a file. The output will show the nested structure with name, type, tmp_name, error, and size under the input field name. Uploading multiple files with the same name attribute using array syntax will show deeper nested arrays, but the same keys are present for each file, demonstrating that $_FILES consistently models upload metadata.

Why Other Options Are Wrong:
Option b is wrong because include and require do not populate $_FILES; they load PHP code but do not relate to file uploads. Option c is incorrect because $_FILES exists only on the server side in PHP; client side JavaScript has its own FileList objects and cannot directly manipulate server side variables. Option d is wrong because $_FILES does not define configuration; it holds upload data for the current request.

Common Pitfalls:
Common pitfalls with $_FILES include trusting the MIME type or original name without validating the actual file content, which can introduce security risks, and forgetting to check the error code before processing a file. Another issue is mishandling multiple uploads due to the nested array structure. Developers should carefully validate file sizes, types, and error codes before moving files and should always use move_uploaded_file() with the tmp_name entry to ensure safe handling. Knowing exactly what $_FILES contains is the first step toward secure and reliable upload processing.

Final Answer:
$_FILES is a PHP superglobal array that holds metadata about files uploaded via HTTP POST, including the original filename, reported MIME type, temporary server filename, upload error code, and size for each file input field.