What are the potential security risks of storing the full file path in a database when uploading files with PHP?
Storing the full file path in a database when uploading files with PHP can pose security risks as it exposes sensitive information about the server's file structure to potential attackers. To mitigate this risk, it is recommended to store only the file name in the database and keep the files in a secure, non-public directory on the server.
// Get the file name
$fileName = $_FILES['file']['name'];
// Move the uploaded file to a secure directory
$uploadDirectory = 'uploads/';
$targetFile = $uploadDirectory . $fileName;
move_uploaded_file($_FILES['file']['tmp_name'], $targetFile);
// Store only the file name in the database
$query = "INSERT INTO files (file_name) VALUES ('$fileName')";
// Execute the query
Keywords
Related Questions
- In what scenarios would it be advisable to use arrays or external libraries like php-i18n for handling translations in PHP applications?
- What are the potential pitfalls of trying to dynamically load a stylesheet in PHP for print layouts?
- What are the potential pitfalls of displaying images from a folder in PHP, and how can they be avoided?