That didn't work either. It attempted to put in the temporary name. I guess if I understood the mechanics of how it writes the file (copies it), I might have a fighting chance of getting this to work.
I thought _name accomplished that - made it put in the new name instead of the temporary one that it goes up with. ????? --- In [email protected], Brian Cummiskey <[EMAIL PROTECTED]> wrote: > > From: "Marian Briones" <[EMAIL PROTECTED]> > > I need to strip illegal characters out of an uploaded photo now. I am > > trying this without results: > > > > $photofile=ereg_replace("[^[:alnum:]+$]", "", $_POST['photo']); > > > > > > > > copy($photo, "/home/user/public_html/memberfiles/$photofile_name"); > > > $photofile is NOT the same var as $photofile_name > > from your code above, the ereg_replace will end up doing nothing, > because that is not what you are copying. > > look into that before you make any changes. > > also, your copy function is written wrong. see below for example: > > > if that doesn't fix the issue, try using this: > > try this: > > $t = $_POST['photo']; > > $t = preg_replace("/&(?!#[0-9]+;)/s", '_', $t ); > $t = str_replace( "<", "_" , $t ); > $t = str_replace( ">", "_" , $t ); > $t = str_replace( '"', "_", $t ); > $t = str_replace( "'", "_", $t ); > $t = str_replace( " ", "_", $t ); > $t = str_replace( chr(0xCA), "_", $t ); > $t = preg_replace( "/javascript/i" , "_", $t ); > $t = preg_replace( "/alert/i" , "_", $t ); > $t = preg_replace( "/about:/i" , "_", $t ); > $t = preg_replace( "/onmouseover/i", "_", $t ); > $t = preg_replace( "/onclick/i" , "_", $t ); > $t = preg_replace( "/onload/i" , "_", $t ); > $t = preg_replace( "/onsubmit/i" , "_", $t ); > $t = preg_replace( "/<body/i" , "_", $t ); > $t = preg_replace( "/<html/i" , "_", $t ); > $t = preg_replace( "/document\./i" , "_", $t ); > > copy($photo, "/home/user/public_html/memberfiles/" . $t); > > > > This will convert all random symbols, hacking attempts, and spaces into > underscores. ------------------------ Yahoo! Groups Sponsor --------------------~--> <font face=arial size=-1><a href="http://us.ard.yahoo.com/SIG=12hf6pomn/M=362335.6886445.7839731.1510227/D=groups/S=1705005703:TM/Y=YAHOO/EXP=1123866776/A=2894361/R=0/SIG=13jmebhbo/*http://www.networkforgood.org/topics/education/digitaldivide/?source=YAHOO&cmpgn=GRP&RTP=http://groups.yahoo.com/">In low income neighborhoods, 84% do not own computers. At Network for Good, help bridge the Digital Divide!</a>.</font> --------------------------------------------------------------------~-> Community email addresses: Post message: [email protected] Subscribe: [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] List owner: [EMAIL PROTECTED] Shortcut URL to this page: http://groups.yahoo.com/group/php-list Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/php-list/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
