Safety in laravel file upload

Time:04-15

I have a simple question. Is it safe to have an app that has a file upload system for users to send images to our project, and store those files in this directory?

$file->move(public_path('../storage/app/public/files'), $name);

Or is it better to store in:

$file->move(public_path('files'), $name); 

This way it stores the file in the "files" directory inside the public directory.

CodePudding user response:

That would be OK, and it also depends on your app and number of users, but I recommend changing the name of the file, and you can also accept only JPG or PNG files for more security. To change the name of the file, you can do it like this:

$image_name = rand() . '.' . $image->getClientOriginalExtension();
$image->move(public_path('images'), $image_name);
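
A hardened form of the upload handling discussed in the question and the answer above, as an added example that is not part of the thread or written by its participants. The controller name, the form field "image", the "files" directory and the 2 MB limit are assumptions chosen for illustration.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Str;

// Hypothetical controller; the field name "image", the "files" directory
// and the 2 MB limit are assumptions for this example.
class ImageUploadController extends Controller
{
    public function store(Request $request)
    {
        // Validate by inspected file content, not by the client-supplied
        // name: the "mimes" rule guesses the type from the file's bytes.
        $request->validate([
            'image' => ['required', 'file', 'mimes:jpg,jpeg,png', 'max:2048'],
        ]);

        $file = $request->file('image');

        // extension() is derived from the detected MIME type, unlike
        // getClientOriginalExtension(), which echoes what the client sent.
        $extension = $file->extension();
        if (! in_array($extension, ['jpg', 'jpeg', 'png'], true)) {
            abort(422, 'Unsupported image type.');
        }

        // Random, server-chosen name: no user input reaches the path.
        $name = Str::random(40) . '.' . $extension;

        // Stored under storage/app/public/files on the "public" disk.
        $path = $file->storeAs('files', $name, 'public');

        return response()->json(['path' => $path], 201);
    }
}
```

Files on the "public" disk become web-reachable once `php artisan storage:link` has created the `public/storage` symlink, so the web server should serve that directory as static files only.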

CodePudding user response:

With this function you can get all the data from the DB for that ID, then you can show whatever you want in the Blade view.

public function show($id)
{
    $data = YOUR_MODEL::findOrFail($id);
    return view('view', compact('data'));
}