I noticed that it's possible to run a file via PHP even if its extension wasn't .php, for example the file test.xyz.php.whatever.zyx can still be run wit
For user uploads, I suggest that you put the upload folder in a layer above the root path.
In this case, only you have access to the upload folder (in direct addressing),
and an attacker has no access to any files in this folder.
Thus you prevent an attacker from running a malicious file.
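
A sketch of the layout suggested above, added here as an example and not code from the original post: files are stored one level above the document root under a server-chosen name and are only ever streamed back as data by a script. The directory paths and the function names `store_upload` and `serve_upload` are assumptions.

```php
<?php
// Added example. Assumed layout (hypothetical paths):
//   /var/www/example/public   <- document root, reachable by URL
//   /var/www/example/uploads  <- one level above it, no URL maps here
const UPLOAD_DIR = '/var/www/example/uploads';

// Store an uploaded file under a random server-chosen name; returns the ID.
function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $id = bin2hex(random_bytes(16));
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $id)) {
        throw new RuntimeException('could not store file');
    }
    // Keep the client's name only as metadata, never as a path component.
    file_put_contents(UPLOAD_DIR . '/' . $id . '.name', basename($file['name']));
    return $id;
}

// Stream a stored file back as data; nothing here ever executes it.
function serve_upload(string $id): void
{
    // Only IDs of the shape store_upload() generates are accepted.
    if (!preg_match('/\A[0-9a-f]{32}\z/', $id)) {
        http_response_code(400);
        return;
    }
    $path = UPLOAD_DIR . '/' . $id;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    $name = (string) @file_get_contents($path . '.name');
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $name) ?: 'download';
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Usage from scripts inside public/:
//   $id = store_upload($_FILES['file']);   // upload.php
//   serve_upload($_GET['id'] ?? '');       // download.php
```

Because the stored name is a random hex string with no extension, a multi-extension name such as test.xyz.php.whatever.zyx never reaches the filesystem as a path and is never matched against the web server's PHP handler rules.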