What are some best practices for handling file paths and filenames in PHP when accessing them for streaming purposes?

When handling file paths and filenames in PHP for streaming purposes, it's important to sanitize and validate the input to prevent directory traversal attacks and ensure compatibility across different operating systems. One common approach is to use the realpath() function to resolve the full path of the file and then use functions like basename() to extract the filename for streaming.

// Example of handling file paths and filenames for streaming purposes
$filePath = &#039;/path/to/file.txt&#039;;

// Sanitize and validate the file path
$realPath = realpath($filePath);
if ($realPath &amp;&amp; is_file($realPath)) {
    $fileName = basename($realPath);

    // Implement streaming logic here
    header(&#039;Content-Type: application/octet-stream&#039;);
    header(&#039;Content-Disposition: attachment; filename=&quot;&#039; . $fileName . &#039;&quot;&#039;);
    readfile($realPath);
} else {
    echo &#039;Invalid file path&#039;;
}

Keywords

file paths filenames streaming PHP functions error types

What are some best practices for handling file paths and filenames in PHP when accessing them for streaming purposes?

Keywords

Related Questions