What are the potential pitfalls of not properly formatting file paths in PHP upload scripts?

Potential pitfalls of not properly formatting file paths in PHP upload scripts include security vulnerabilities such as directory traversal attacks, file overwriting, and unintended file execution. To prevent these issues, always sanitize and validate user input, use absolute file paths, and restrict file uploads to a specific directory.

// Example of properly formatting file paths in PHP upload script
$uploadDir = '/var/www/uploads/';
$uploadFile = $uploadDir . basename($_FILES['file']['name']);

if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadFile)) {
    echo "File is valid, and was successfully uploaded.";
} else {
    echo "Possible file upload attack!";
}