What is the best practice for storing and displaying image file names in PHP?
When storing and displaying image file names in PHP, it is best practice to sanitize the file names to prevent any security vulnerabilities such as directory traversal attacks. This can be done by using functions like `basename()` to extract the file name from the path and `htmlspecialchars()` to escape any special characters that could be used in XSS attacks.
// Example of sanitizing and displaying an image file name
$filePath = '/path/to/images/image.jpg';
$fileName = basename($filePath);
$escapedFileName = htmlspecialchars($fileName);
echo "<img src='path/to/images/{$escapedFileName}' alt='Image'>";
Keywords
Related Questions
- What are the best practices for designing functions that restrict direct database access and only allow specific actions, such as displaying content or submitting support tickets?
- What potential issues can arise when using fopen with HTML files in PHP?
- What are the potential pitfalls of using the extract() function in PHP, and how can warnings like "First argument should be an array" be addressed?