Import data : Folder?


I want to import data from a excel file to my database.

Where is the best folder to upload my file ?

Is it very secure to put the file into webroot folder ?

Its not secure, anyone can download it, and obscurity is bad security.

If the imported data is handled server-side there’s no need to put it anywhere near where the end user can see it. You can just make a designated folder off the root for your excels, and store them there.

If the user can upload just strip out any attempt to inject a path, and store it in that inaccessible place.

And, if you really need access to that Excel from the webpage, ie. through a javascript download, I would suggest re-examining your approach and fetch the required data via AJAX with CSRF protection.

Ok thanks for your answer !