Hello,
I want to import data from a excel file to my database.
Where is the best folder to upload my file ?
Is it very secure to put the file into webroot folder ?
Its not secure, anyone can download it, and obscurity is bad security.
If the imported data is handled server-side there’s no need to put it anywhere near where the end user can see it. You can just make a designated folder off the root for your excels, and store them there.
If the user can upload just strip out any attempt to inject a path, and store it in that inaccessible place.
And, if you really need access to that Excel from the webpage, ie. through a javascript download, I would suggest re-examining your approach and fetch the required data via AJAX with CSRF protection.
Ok thanks for your answer !