Hello

Any one can please help me with my php security problem.

Actully I want to create an application that stores stuff in the same folder where the php script runs from.

I know that this could be quite a security risk, and any one please help me for minimize this risk.


Thanks in Advence!

Errrr....just strip all input of anything that can cause trouble.
That is all I can say without actually seeing the script......

While I'm not an expert with the security of files, I am pretty sure that what you've heard about writing files in the same directory as your php script is true.

I'm not exactly sure what you're trying to do, since you didn't say, but have you considered just writing into a subfolder then using rewrite rules (apache mod_rewrite) to allow web access from the folder you want?

Example store file "dog.jpg" in root\uploads\, but allow access from root\dog.jpg in a user's browser

and sensible folders should have access only trough .htaccess .htpasswd ;)