0

I'm looking for an alternative to get the data inside the $_FILES due to a codacy issue

enter image description here

I don't know how to don't use directly the superglobals.

I can't use filter_input like I did for resolve the same issue with $_POST

Below this, my form :

<form class="d-flex flex-column" method="post" action="/image/update/99/trick/144" enctype="multipart/form-data">
    <input type="file" name="newImg">
    <button type="submit">Modifier l'image</button>
</form>
  • What do you want to do with the content of `$_FILES`? – KIKO Software Nov 29 '20 at 18:44
  • I want to check the weight/the height-width/the extension + rename the file with the extension and save the picture in my database to use in a website –  Nov 29 '20 at 19:05
  • In that case you can use `$_FILES` as prescribed here: [move_uploaded_file()](https://www.php.net/manual/en/function.move-uploaded-file.php). First move the file and then access it. – KIKO Software Nov 29 '20 at 19:46
  • You can use the `wp_unslash` function that the tool is suggesting. – jake2389 Nov 29 '20 at 21:16

1 Answers1

0

If the superglobals are completly forbidden for you, just work with the tmp file.

You can just read its content and write it somewhere else. But check everything first for security purpose : the extension, the size, and here (because it's an image), its dimension.

dilaouid
  • 16
  • 2