What are some common security issues or limitations when accessing local files on a client's machine using PHP?

One common security issue when accessing local files on a client's machine using PHP is the risk of exposing sensitive information or allowing unauthorized access to files outside the intended directory. To mitigate this risk, it is important to sanitize user input and validate file paths before accessing them. Additionally, restricting access to specific directories and using proper file permissions can help prevent unauthorized access.

// Example of sanitizing user input and validating file paths
$directory = 'uploads/';
$filename = $_GET['file'];

// Validate file path
if (strpos($filename, '../') === false && file_exists($directory . $filename)) {
    // Access the file
    $file_content = file_get_contents($directory . $filename);
    echo $file_content;
} else {
    echo "Invalid file path";
}