After the user uploads an image to the server, should we sanitize $_FILES['filename']['name']?
I do check file size/file type etc. But I don't chec
You also need to check for duplicate names. It's too easy for multiple people to upload an image called 'mycat.jpg', which if uploaded to the same folder would overwrite a previously uploaded file by the same name. You can do this by putting a unique id in the file name (as Prix suggests). Also verify that the file type doesn't just end with an image extension but also is an actual image; you don't want your server acting as a blind host for random files.
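The two checks the answer recommends, put together in PHP as an added example (this is not code from the question or the answerer): the stored name is built from a random id rather than the client's name, and the type is decided from the file's content rather than its extension. The function name `storedNameForUpload`, the `ALLOWED_TYPES` map and the sample files written to a temp path are all assumptions made for illustration; the temp file stands in for `$_FILES['filename']['tmp_name']`.

```php
<?php
// Added example, not from the original question or answer. Names below are illustrative assumptions.
declare(strict_types=1);

// Content types we accept, mapped to the extension we will store them under.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Returns a safe, unique file name to store the upload under, or throws if the
 * content is not an image we accept.
 * $tmpPath      : the uploaded temp file ($_FILES['filename']['tmp_name'])
 * $originalName : $_FILES['filename']['name']; used for a readable prefix and for
 *                 messages only, never as the stored path.
 */
function storedNameForUpload(string $tmpPath, string $originalName): string
{
    // 1. Decide the type from the bytes, not from the client-supplied name or $_FILES['type'].
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException(sprintf(
            "Rejected '%s': detected type %s is not an allowed image",
            $originalName, var_export($mime, true)
        ));
    }

    // 2. Confirm it actually decodes as an image (catches a forged magic header on junk data).
    if (@getimagesize($tmpPath) === false) {
        throw new RuntimeException("Rejected '$originalName': not a decodable image");
    }

    // 3. Never reuse the client's name as-is: drop any directory part, whitelist the characters
    //    of the basename, and append a random id so two users uploading 'mycat.jpg' cannot
    //    collide or overwrite each other. The extension comes from the detected type, not the name.
    $base     = pathinfo($originalName, PATHINFO_FILENAME);
    $safeBase = substr(preg_replace('/[^A-Za-z0-9_-]/', '_', $base), 0, 40);
    $id       = bin2hex(random_bytes(16));

    return sprintf('%s_%s.%s', $safeBase === '' ? 'upload' : $safeBase, $id, ALLOWED_TYPES[$mime]);
}

// Demonstration: a constructed 1x1 GIF written to a temp file, named as if it came from a
// path-traversal attempt, is accepted and renamed.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
echo storedNameForUpload($tmp, '../../mycat.jpg'), PHP_EOL;   // mycat_<32 hex chars>.gif

// A constructed plain-text file with an image extension is rejected despite the name.
file_put_contents($tmp, 'plain text, not an image');
try {
    storedNameForUpload($tmp, 'mycat.jpg');
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
unlink($tmp);
```

In a real handler the returned name is what you pass to `move_uploaded_file()` as the destination inside your upload directory; because the id is random, an existence check before the move is a belt-and-braces step rather than the primary defence against overwrites.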