I have completed a PHP form which, once submitted, writes a JSON file to the "files/" folder, and the user can create a PDF file by clicking on the link (see code below).
I am concerned about security as the JSON files saved in the "files/" folder will contain sensitive information on the server.
Can anyone advise on the best practice to manage/improve this situation?
Hope this makes sense :)
<!-- Print Receipt to PDF, Write Form Values to JSON file and Create PDF on the Fly when link is clicked -->
<?php
// Collect the submitted form values
$arr = ['pfn' => $pfirstname, 'pln' => $plastname, 'pa1' => $paddress1, 'pa2' => $paddress2, 'ptv' => $ptownvillage, 'pec' => $postcode, 'amo' => $amount];
// Write them to a uniquely named JSON file in the "files/" folder
$temp_name = uniqid(rand(), true) . '.json';
file_put_contents('/var/www/MyWebsite/files/' . $temp_name, json_encode($arr));
?>
<?php echo '<a href="https://mywebsite/pdf.php?q=files/' . $temp_name . '" target="_blank">Download PDF</a>'; ?>
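
One way to address the concern in the question, as an added example that is not the poster's code: keep the JSON outside the web root and let the link carry only a random token that pdf.php validates before reading anything. The directory `STORE_DIR`, the expiry `MAX_AGE` and the function names `save_receipt` and `load_receipt` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example. STORE_DIR, MAX_AGE and both function names are assumptions.
const STORE_DIR = '/var/www/private/receipts'; // assumed: outside the document root
const MAX_AGE   = 900;                          // assumed: receipts expire after 15 min

/** Save form values under an unguessable token and return the token. */
function save_receipt(array $fields, string $dir = STORE_DIR): string
{
    $token = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    $old   = umask(0077);               // new file is created 0600
    try {
        $json = json_encode($fields, JSON_THROW_ON_ERROR);
        if (file_put_contents("$dir/$token.json", $json, LOCK_EX) === false) {
            throw new RuntimeException('could not store receipt');
        }
    } finally {
        umask($old);
    }
    return $token;
}

/** Load a receipt by token; null for malformed, unknown or expired tokens. */
function load_receipt(string $token, string $dir = STORE_DIR): ?array
{
    // Accept only the exact token shape, so the value can never carry a path.
    if (preg_match('/\A[0-9a-f]{32}\z/', $token) !== 1) {
        return null;
    }
    $path = "$dir/$token.json";
    if (!is_file($path)) {
        return null;
    }
    if (time() - filemtime($path) > MAX_AGE) {
        unlink($path); // expired: delete the sensitive data
        return null;
    }
    $data = json_decode((string) file_get_contents($path), true);
    return is_array($data) ? $data : null;
}

// Form handler: the link carries only the token, never a file path.
//   $token = save_receipt($arr);
//   echo '<a href="pdf.php?q=' . $token . '" target="_blank">Download PDF</a>';
// pdf.php:
//   $q    = $_GET['q'] ?? '';
//   $data = is_string($q) ? load_receipt($q) : null;
//   if ($data === null) { http_response_code(404); exit; }
```

The token is still a bearer secret, so anyone holding the link can fetch the receipt until it expires; binding the token to the user's session would narrow that.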