6 Filesystem Access: Accessing the Filesystem for Fun and Profit

Sometimes you just can’t avoid dealing directly with the filesystem. Files have to be opened, created, modified, and deleted. In this chapter, we discuss how to go about these tasks without opening up your application to every script kiddie with a couple of hours to kill.

Opening Files

There are two types of files an application can open in PHP:

• Local files

• Remote files

Both carry some risk, but opening local files is generally safer, so we’ll start there. Opening a local file is just like any other system call; as long as you’re careful to verify what you’re opening and don’t allow access to anything but what you intend, you’ll be all right. ...

Get Securing PHP Web Applications now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.