Tuesday, 17 September 2013

Validate user input for file_get_contents PHP

In my PHP file I use a $_GET parameter to open a file on my server, like so:

    $filename = $_GET["filename"];
    $content = file_get_contents("/path_to_files/".$filename);

My question is, how do I make this more secure so the user cannot access
files in parent folders on the server? Is this something I need to do on
the server such as permissions and/or configurations? Or should $filename
be validated in my PHP file? Thanks in advance!
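
One way to do the validation in PHP, as an added example that is not part of the original post: allowlist the name, canonicalise it with realpath(), and check that the result is still inside the base directory. The function name read_confined() and the temporary files are constructed for the demo.

```php
<?php
// Added example (not from the original post): confine reads to one directory.
// read_confined() and the sample file names below are hypothetical.
function read_confined(string $baseDir, string $name): ?string
{
    // 1. Allowlist the name: letters, digits, dot, dash, underscore, no leading dot.
    //    This rejects "/", "\", "..", NUL bytes and stream wrappers such as "php://".
    if (!preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]{0,127}\z/', $name)) {
        return null;
    }
    // 2. Canonicalise both paths. realpath() resolves "..", "." and symlinks,
    //    and returns false when the target does not exist.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null;
    }
    // 3. Containment: the resolved path must sit under the resolved base.
    //    The trailing separator stops "/files_old" from matching "/files".
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    if (!is_file($path)) {
        return null;
    }
    $data = file_get_contents($path);
    return $data === false ? null : $data;
}

// Constructed demo tree: one file inside the base directory, one outside it,
// and a symlink inside the base directory that points outside.
$root = sys_get_temp_dir() . '/confine_demo_' . bin2hex(random_bytes(4));
mkdir("$root/files", 0700, true);
file_put_contents("$root/files/report.txt", "public report\n");
file_put_contents("$root/secret.txt", "outside the base directory\n");
@symlink("$root/secret.txt", "$root/files/link.txt");

$inputs = ['report.txt', '../secret.txt', '..', 'link.txt', 'php://input', "report.txt\0.jpg"];
foreach ($inputs as $candidate) {
    $result = read_confined("$root/files", $candidate);
    printf("%-24s => %s\n", json_encode($candidate), $result === null ? 'rejected' : 'ok');
}
array_map('unlink', glob("$root/files/*")); unlink("$root/secret.txt"); rmdir("$root/files"); rmdir($root);
```

Server-side settings such as PHP's open_basedir and restrictive file permissions for the web server account complement this check but do not replace validating $filename.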
