An HTML form contains this form element:
<code>
<input type=”file” name=”myFile” />
When this form is submitted, the following PHP code gets executed:
1 <?php
2 move_uploaded_file(
3 $_FILES[‘myFile’][‘tmp_name’],
4 ‘uploads/’ . $_FILES[‘myFile’][‘name’]);
5 ?>
</code>
Which of the following actions must be taken before this code may go into production?
(Choose 2)
A.
Check withis_uploaded_file() whether the uploaded file $_FILES[‘myFile’][‘tmp_name’] is valid
B.
Sanitize the file name in $_FILES[‘myFile’][‘name’] because this value is not consistent among
web browsers
C.
Check thecharset encoding of the HTTP request to see whether it matches the encoding of the
uploaded file
D.
Sanitize the file name in $_FILES[‘myFile’][‘name’] because this value could be forged
E.
Use $HTTP_POST_FILES instead of $_FILES to maintain upwards compatibility