>$SAFEFILENAME = ereg_replace ("[[:punct:]]+[[:blank:]]+", "", $FILENAME); > >But that does not seem to be working, and I have not been able to figure >out why.
It's better to specifically *ALLOW* certain characters than to try to list all the ones you do *NOT* allow: # Get rid of gnarly characters in filenames: $filename = ereg_replace('[^a-zA-Z0-9_\\.-]', '', $photo_name); $filename = $filename ? $filename : chr(rand(ord('A'),ord('Z'))) . chr(rand(ord('A'),ord('Z'))) . chr(rand(ord('A'),ord('Z'))) . chr(rand(ord('A'),ord('Z'))); if (!ereg('[a-zA-Z0-9_-]+[\\.]*[a-zA-Z0-9_-]*', $filename)){ $filename = chr(rand(ord('A'),ord('Z'))) . chr(rand(ord('A'),ord('Z'))) . chr(rand(ord('A'),ord('Z'))) . chr(rand(ord('A'),ord('Z'))) . $filename; } Here, I throw out anything that's not alphanumeric, underscore (_), dot (\\.), or dash (-) I also accept that fact that some goofball will end up have a file name with *NOTHING* useful in it, and then I just make a random filename up. Damned if I know why I felt the need for that last if(){} part... Maybe ord('Z') should be ord('Y') and I was getting whatever comes after Z some of the time??? Or perhaps that just adds four more characters on when I *DO* need to make up random names? That part looks pretty broken to me right now, but maybe I just need some sleep. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php