Are there any security concerns to consider when creating folders based on user input in PHP?

When creating folders based on user input in PHP, one security concern is the directory traversal attack. This occurs when a user includes "../" in the folder name, which lets them navigate to directories outside of the intended folder structure. To prevent this, sanitize the user input and validate the folder name so that it contains only allowed characters.

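<?php
// Accept the field only if it was submitted as a string (not missing, not an array)
$userInput = isset($_POST['folderName']) && is_string($_POST['folderName'])
    ? $_POST['folderName']
    : '';

// Sanitize user input: keep only ASCII letters and digits,
// which removes ".", "/" and "\" and therefore any "../" sequence
$folderName = preg_replace('/[^a-zA-Z0-9]/', '', $userInput);

// Validate folder name
if ($folderName !== '') {
    $path = "uploads/" . $folderName;
    // Create folder with sanitized user input, unless it already exists
    if (!is_dir($path) && !mkdir($path, 0755)) {
        echo "Could not create folder.";
    }
} else {
    echo "Invalid folder name.";
}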
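
A stricter variant of the check above, as an added example that is not part of the original answer: it rejects a bad name instead of silently rewriting it, then confirms that the resolved path still sits inside the base directory. The function name `create_user_folder`, the extra `_` and `-` in the allow-list, the 64-character limit and the temporary base directory are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: create $name directly under $baseDir and return its
 * resolved path. Names outside the allow-list are rejected, not rewritten.
 * Allowing "_" and "-" and capping at 64 characters are assumptions.
 */
function create_user_folder(string $baseDir, string $name): string
{
    // \A and \z anchor the whole string, so "../", "/", "\", NUL bytes
    // and trailing newlines all fail the match.
    if (preg_match('/\A[a-zA-Z0-9_-]{1,64}\z/', $name) !== 1) {
        throw new InvalidArgumentException('Invalid folder name.');
    }

    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('Base directory does not exist.');
    }

    $target = $base . DIRECTORY_SEPARATOR . $name;
    if (!is_dir($target) && !mkdir($target, 0755)) {
        throw new RuntimeException('Could not create folder.');
    }

    // Defence in depth: after symlinks are resolved, the folder must still
    // be a direct child of the base directory.
    $resolved = realpath($target);
    if ($resolved === false || dirname($resolved) !== $base) {
        throw new RuntimeException('Resolved path is outside the base directory.');
    }
    return $resolved;
}

// Constructed sample inputs, run against a throwaway base directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads_demo_' . uniqid();
mkdir($base, 0755);

foreach (['reports2024', '../etc', 'a/b', '..', '', "name\n"] as $input) {
    try {
        $path = create_user_folder($base, $input);
        echo json_encode($input), ' => created ', basename($path), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo json_encode($input), ' => rejected', PHP_EOL;
    }
}
```

Rejecting rather than stripping matters because stripping turns `../etc` into the valid name `etc`, so the caller never learns that the request was malformed.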