What are the best practices for handling file operations in PHP when displaying images based on user input?

When displaying images based on user input in PHP, it is important to sanitize and validate the user input to prevent directory traversal attacks and other security vulnerabilities. It is recommended to store images in a separate directory outside of the web root and use a database to map user input to the corresponding image file.

// Sanitize and validate user input
$userInput = $_GET[&#039;image&#039;];
$allowedImages = [&#039;image1.jpg&#039;, &#039;image2.jpg&#039;, &#039;image3.jpg&#039;]; // List of allowed images

if (in_array($userInput, $allowedImages)) {
    // Directory where images are stored
    $imageDirectory = &#039;/path/to/image/directory/&#039;;
    
    // Display the image
    echo &#039;&lt;img src=&quot;&#039; . $imageDirectory . $userInput . &#039;&quot; alt=&quot;User Image&quot;&gt;&#039;;
} else {
    echo &#039;Invalid image input&#039;;
}

Keywords

file operations PHP images user input handling

What are the best practices for handling file operations in PHP when displaying images based on user input?

Keywords

Related Questions