What potential security risks are associated with using the unlink() function in PHP to delete files?
Passing user input to unlink() without validating it is a security risk. If the file path is built from request data, an attacker can use directory traversal sequences such as ../ to delete files outside the intended directory. To mitigate this, validate and sanitize the input before it reaches unlink(). The snippet below uses basename() to keep only the final path component, so the resulting path always stays inside uploads/.
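```php
<?php
// Accept only a string parameter; ?file[]=x would otherwise reach basename() as an array.
$name = is_string($_GET['file'] ?? null) ? basename($_GET['file']) : '';
$file = 'uploads/' . $name;

// is_file() rejects an empty name (which would resolve to the uploads/ directory
// itself) and anything that is not a regular file.
if ($name !== '' && is_file($file)) {
    unlink($file);
    echo 'File deleted successfully.';
} else {
    echo 'Invalid file path.';
}
```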
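When the request may name a file in a subdirectory, basename() is too strict, and the check has to be made on the resolved path instead. The following is an added example, not code from the original page: it goes beyond the snippet above by resolving the path with realpath() and confirming it is still inside the base directory. The function name safe_delete() and the temporary directory layout are assumptions made for the demonstration.

```php
<?php
// Added example. safe_delete() and the directory layout are hypothetical names.

/**
 * Delete $requested only if it resolves to a regular file inside $baseDir.
 * Returns true on deletion, false when the request is rejected.
 */
function safe_delete(string $baseDir, $requested): bool
{
    // Reject arrays (?file[]=x), empty values and embedded NUL bytes.
    if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
        return false;
    }
    // realpath() resolves "..", "." and symlinks; it returns false if the path does not exist.
    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $target === false) {
        return false;
    }
    // Compare against the base plus a trailing separator so that a sibling such as
    // "uploads_old/x" cannot pass a prefix check meant for "uploads/".
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false;
    }
    return is_file($target) && unlink($target);
}

// Constructed sample layout in a temporary directory.
$root = sys_get_temp_dir() . '/unlink_demo_' . bin2hex(random_bytes(4));
mkdir("$root/uploads", 0700, true);
mkdir("$root/uploads_old", 0700, true);
file_put_contents("$root/uploads/report.txt", 'x');
file_put_contents("$root/uploads_old/keep.txt", 'x');
file_put_contents("$root/config.php", 'x');

// Constructed requests: one legitimate name, two traversal attempts, two malformed values.
$requests = ['report.txt', '../config.php', '../uploads_old/keep.txt', '', ['report.txt']];
foreach ($requests as $r) {
    $label = json_encode($r, JSON_UNESCAPED_SLASHES);
    printf("%-28s %s\n", $label, safe_delete("$root/uploads", $r) ? 'deleted' : 'rejected');
}

// The files outside uploads/ must still exist after the loop.
var_dump(file_exists("$root/config.php"), file_exists("$root/uploads_old/keep.txt"));
```

The containment check and the unlink() call are not atomic, so the base directory should not be writable by untrusted local users who could swap a path component between the two steps.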