I have a script that uploads files to my server; here is my code.
When a user uploads a file to the server,
my script renames the file and saves the details in the DB.
I place files outside of the web root.
So is my approach safe?
You should do further input validation on your file, like:
check the file size
check the file type with a "File Type Recogniser"
check content header
You can also check best practices for file uploads here: https://www.owasp.org/index.php/Unrestricted_File_Upload
Never run the file on your server.
To check the content type (I've never done this myself, btw) you can try something like:
<?php
$file = "path2file";                       // path to the uploaded file
// FILEINFO_MIME_TYPE returns only "application/zip"; FILEINFO_MIME would return
// "application/zip; charset=binary", which would never match the list below.
$finfo = new finfo(FILEINFO_MIME_TYPE);
$type = $finfo->file($file);
// ... whatever content types are ok ...
$allowed = array("application/zip", "application/x-zip");
if (in_array($type, $allowed, true)) {
    // you passed
}
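Putting the three checks from this answer together (size, content-sniffed type, server-chosen name outside the web root), as an added example that is not the answerer's code; the upload directory `/var/uploads`, the 5 MB limit and the allow-list are assumptions:

```php
<?php
// Added example (not the answerer's code). Assumes an upload directory outside
// the web root at /var/uploads and an allow-list of MIME types mapped to the
// extension the stored file gets. Returns the stored path or throws.
function storeUpload(array $upload, string $uploadDir = '/var/uploads'): string
{
    $maxBytes = 5 * 1024 * 1024;                 // size limit, assumed policy
    $allowed  = [                                // allow-list: detected MIME => stored extension
        'image/png'       => 'png',
        'image/jpeg'      => 'jpg',
        'application/pdf' => 'pdf',
    ];

    if (!isset($upload['tmp_name'], $upload['error']) || $upload['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or missing');
    }
    // Only accept files that PHP itself received via HTTP POST.
    if (!is_uploaded_file($upload['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // 1. Size check, taken from the file on disk rather than from the client's claim.
    $size = filesize($upload['tmp_name']);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        throw new RuntimeException('File size out of bounds');
    }
    // 2. Type check by content sniffing (finfo), ignoring the client-supplied
    //    $_FILES[...]['type'] header and the original file name entirely.
    $finfo = new finfo(FILEINFO_MIME_TYPE);      // gives "image/png", not "image/png; charset=binary"
    $mime  = $finfo->file($upload['tmp_name']);
    if ($mime === false || !isset($allowed[$mime])) {
        throw new RuntimeException('Disallowed content type: ' . var_export($mime, true));
    }
    // 3. Server-chosen random name plus server-chosen extension; nothing from the
    //    client reaches the filesystem path, so traversal and double extensions are moot.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($upload['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0640);                          // readable by the app, never executable
    return $dest;                                // caller records $dest (and original name) in the DB
}

// Usage from a request handler:
// $stored = storeUpload($_FILES['userfile']);
```

The stored file is never executed or served directly; a download handler should read it from `$dest` and send it with a fixed `Content-Disposition: attachment` header.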