On 9/8/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> I made a simple file uploader and it works fine (at least I thought it
> works fine). But, people uploaded files with such crazy names, like "MOORE's
> 20% Off.pdf" ?!?!?!?!?

This is why it is so important that you understand how to filter data
based on where you are going to use it.  You need to ensure the chars
used in the name you are using are going to be usable.

> First, it was uploaded with a slash in front of the apostrophe - I fixed that.
> But, because of the percent sign, I can't link it.

This is why you need to generate a unique 'safe' file name to store
the file as. If you are referring to a database entry that you keep
track of, use the auto generated id with a safe 'name'.

A safe name would be any filename that is able to be saved on your
file system; the safest you could get is to filter the data with:
 $safe_filename = preg_replace('/[^a-zA-Z0-9]/', '', $unsafe_name);

That will ensure that $safe_filename only has chars with A-Z or 0-9
in it; of course, it doesn't address the length limitations of the
filename.


As I mentioned earlier, if you are storing this uploaded file into a
database, use its auto generated id counter to ensure you don't have
name clashes, so you end up with:
 $real_safe_filename = $safe_filename . $auto_generated_atomic_id . '.extension of file';


HTH,
Curt

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
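
The approach described in the reply above, as an added example that is not part of the original message: the character whitelist and database id are combined with a length cap and an extension allowlist. The function name `storage_name`, the 64-character cap, the allowlist and the sample names are assumptions made for illustration.

```php
<?php
// Added example; storage_name(), the cap and the allowlist are hypothetical.

/**
 * Build a filesystem-safe storage name from an untrusted upload name
 * and the row id the database generated for this upload.
 * Returns null when the extension is not on the allowlist.
 */
function storage_name(string $unsafeName, int $id, array $allowedExt): ?string
{
    // Keep only the last path component; some clients send a full path.
    $base = basename(str_replace('\\', '/', $unsafeName));

    // Accept the client-supplied extension only if it is allowlisted.
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null; // reject rather than store e.g. ".php" under the web root
    }

    // Same whitelist as in the reply: drop everything except A-Z, a-z, 0-9.
    $stem = preg_replace('/[^a-zA-Z0-9]/', '', pathinfo($base, PATHINFO_FILENAME));

    // Handle the length limit the reply leaves open; 64 is an arbitrary cap.
    $stem = substr($stem, 0, 64);

    // The id keeps the name unique even when the stem is empty or repeated.
    return sprintf('%s_%d.%s', $stem === '' ? 'file' : $stem, $id, $ext);
}

// Constructed sample inputs, including the name from the question.
$samples = ["MOORE's 20% Off.pdf", "..\\..\\etc\\passwd", "shell.php", "%%%.PDF"];
foreach ($samples as $i => $name) {
    $stored = storage_name($name, 1000 + $i, ['pdf', 'png', 'jpg']);
    printf("%-24s => %s\n", var_export($name, true), $stored ?? '(rejected)');
}

// The original name is kept only for display and is escaped per context.
$original = "MOORE's 20% Off.pdf";
echo htmlspecialchars($original, ENT_QUOTES, 'UTF-8'), "\n"; // HTML text
echo rawurlencode($original), "\n";                          // URL path segment
```

Links should point at the stored name; the original name, if shown at all, goes through the escaping that matches where it is printed.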
