What best practices should be followed when displaying images in a PHP script?

When displaying images in a PHP script, it is important to ensure that the images are not directly accessible by users and to prevent any security vulnerabilities such as directory traversal attacks. One common best practice is to store images outside of the web root directory and use PHP to fetch and display them securely.

&lt;?php
// Define the path to the image directory
$imageDir = &#039;/path/to/image/directory/&#039;;

// Get the image file name from a query parameter
$imageName = $_GET[&#039;image&#039;];

// Validate the image file name to prevent directory traversal
if (strpos($imageName, &#039;..&#039;) === false) {
    // Display the image if it exists in the image directory
    $imagePath = $imageDir . $imageName;
    if (file_exists($imagePath)) {
        header(&#039;Content-Type: image/jpeg&#039;); // Set the appropriate content type
        readfile($imagePath); // Output the image
        exit;
    }
}

// Display a default image or an error message if the image is not found
echo &#039;Image not found&#039;;
?&gt;

Keywords

image display PHP script security file validation image resizing

What best practices should be followed when displaying images in a PHP script?

Keywords

Related Questions