What are common mistakes to avoid when working with variables in file_get_contents() in PHP?

Common mistakes to avoid when working with variables in file_get_contents() in PHP include not properly sanitizing user input before using it in the function, not checking if the file exists before attempting to read it, and not handling potential errors that may occur during the file reading process. To avoid these mistakes, it is important to validate and sanitize user input before passing it to file_get_contents(), use file_exists() to check if the file exists before attempting to read it, and use error handling techniques such as try-catch blocks to handle any potential errors that may occur during the file reading process.

// Example of properly sanitizing user input and checking if the file exists before using file_get_contents()

$filename = $_GET['filename']; // Assuming user input is coming from a form

// Sanitize user input
$filename = filter_var($filename, FILTER_SANITIZE_STRING);

// Check if the file exists
if (file_exists($filename)) {
    try {
        $file_content = file_get_contents($filename);
        echo $file_content;
    } catch (Exception $e) {
        echo "An error occurred while reading the file.";
    }
} else {
    echo "File does not exist.";
}