How can I secure use of fopen on a CSV file?

I have a PHP script which allows a user to upload a CSV, and then make some changes via an API.

I use fopen to open and access the file after it's been uploaded. I check for size, name, presence of known bad extensions etc using the $_FILES array on upload.

The data is simply a grid of ID's and corresponding action codes.

It's a clos开发者_如何学运维ed group of users, and nothing is being include)()'ed or require()'d from this input but I am still concerned that by manipulating the upload something bad can happen.

if (($han = fopen($fileloc, "r")) !== false) {
            while (($data = fgetcsv($han, 50, ",")) !== false) {
            array_push($stack, $data); //
            }
            fclose($han);
            }

The only thing I could see is when echoing back HTML (echo or print) use: htmlspecialchars just to be on the safe side

Hope that helps! ^_^