All geek questions in one place

Work with confidential information in a variable and load after use

I am writing a parser for a digital application that my bank issued and it works, but tell me if I want other people to upload their applications to it. What is the best way to handle variable data after running a script?

First I use file($_FILES['uploadedfile']['tmp_name']) to get the file data. After the script completes, is this temporary file deleted? Or do I need it myself?

For variables, is unset() enough or do I need to take another step?

+4
source share
2 answers

Variables are stored in memory, and as soon as the script is finished, the memory is freed and they are destroyed and cannot be restored. There is no need to call unset() on them, as this happens implicitly when the script exits.

Temporary files created when loading files that appear in the $_FILES array should be deleted as soon as the script is completed, but if you want to be sure of this, you can call unlink() on them.

As long as you do not store sensitive data in $_SESSION , cookies, or anything else that is clearly persistent, you should be fine.

If you need to save some data on the server, you can encrypt it, for example, Mcrypt .

+3
source

The temporary file will be deleted. However, AFAIK you cannot really influence this. Use unlink() to exclude deletion.

Regarding variables: there is no need for unset() in them, since they are stored only in RAM and will be destroyed when scripts are completed.

+2
source

Source: https://habr.com/ru/post/1385682/

More articles:


All Articles