Handling file uploads is a common requirement in modern web applications — whether it’s profile pictures, PDFs, or large media files. Fortunately, Laravel makes it incredibly easy to manage file uploads with built-in methods and powerful configuration options.
In this guide, we’ll explore how to handle file uploads in Laravel efficiently, securely, and professionally — with plenty of tips and code examples.
Why Use Laravel for File Uploads?
Laravel offers a developer-friendly approach to handling file uploads:
- Simplified file validation and storage
- Built-in support for local, cloud (S3), and custom filesystems via Flysystem
- Clean syntax and robust error handling
- Secure handling with validation and sanitization
Let’s dive into how to implement file uploads step-by-step.
Step 1: Create a File Upload Form
Start with a simple form in Blade. Ensure the form uses enctype="multipart/form-data":
<form action="{{ route('upload') }}" method="POST" enctype="multipart/form-data">
@csrf
<input type="file" name="document">
<button type="submit">Upload</button>
</form>
Step 2: Validate the Uploaded File
In your controller, validate the file before storing it:
public function upload(Request $request)
{
$request->validate([
'document' => 'required|file|mimes:pdf,jpg,png|max:2048', // max 2MB
]);
$file = $request->file('document');
$path = $file->store('uploads', 'public');
return back()->with('success', 'File uploaded successfully to ' . $path);
}
Pro Tip:
- Use
mimes:to limit file types - Use
max:to restrict size (in kilobytes) - Use
requiredto ensure the file field isn’t empty
Step 3: Storing Files
Laravel provides the store() method to simplify file saving.
$file->store('directory-name', 'disk-name');
Common Storage Options:
storage/app(default disk:local)storage/app/public(disk:public)Amazon S3(disk:s3— requires config)
Example:
$file->store('invoices', 'public'); // stored in storage/app/public/invoices
Step 4: Store with Custom Filename
Want to rename the file before storing it?
$filename = time() . '_' . $file->getClientOriginalName();
$file->storeAs('uploads', $filename, 'public');
Step 5: Upload to Amazon S3 or Cloud Storage
Update .env with your cloud credentials and set up config/filesystems.php.
Then upload:
$file->store('documents', 's3');
You can also generate a public URL:
$url = Storage::disk('s3')->url($path);
Bonus: Display Uploaded Files
To make files accessible via the browser:
- Run this once:
php artisan storage:link
- Access your files:
asset('storage/uploads/' . $filename);
Best Practices for File Uploads
- Always validate file types and size to prevent malicious uploads.
- Avoid using original filenames directly — rename files to avoid conflicts or unsafe characters.
- Use private storage for sensitive files and control access via signed URLs or download routes.
- Clean up unused files periodically to avoid bloat.
- Secure public uploads by limiting MIME types and sanitizing content when needed.
Summary
| Task | Laravel Method |
|---|---|
| Upload file | $request->file('field')->store() |
| Rename file | storeAs() |
| Validate upload | $request->validate() |
| Cloud upload | Storage::disk('s3')->put() |
| Make accessible | php artisan storage:link |
Final Thoughts
Laravel streamlines the file upload process, offering simple yet powerful methods to handle everything from basic uploads to cloud storage integration. With proper validation and secure practices, you can build a fast, safe, and user-friendly file upload system in no time.
Comments