How to avoid UNLINK security risks in PHP?

后端 未结 7 1052
深忆病人
深忆病人 2021-01-12 18:59

I\'m using UNLINK with PHP and AJAX. I know that in this way is very dangerous, because everyone can delete any files. But I need to use AJAX

相关标签:
7条回答
  • 2021-01-12 19:51

    A different suggestion: don't store files on disk, but put them in a database. This keeps a very clear distinction between your site+scripts and "user data".

    (someone once told me that files were files, and databases were for data, and those are different, but as I see it, files contain data anyway. mysql has a perfect LONGBLOB type to put anything in, and you can store meta-data, such as file-type and filename, in separate fields in the same data row, which keeps things clean and simple)

    0 讨论(0)
提交回复
热议问题