That didn't work either.  It attempted to put in the temporary name.

I guess if I understood the mechanics of how it writes the file
(copies it), I might have a fighting chance of getting this to work.

I thought _name accomplished that - made it put in the new name
instead of the temporary one that it goes up with.

?????

--- In [email protected], Brian Cummiskey <[EMAIL PROTECTED]> wrote:
> > From: "Marian Briones" <[EMAIL PROTECTED]>
> >  I need to strip illegal characters out of an uploaded photo now.
 I am
> > trying this without results:
> > 
> >          $photofile=ereg_replace("[^[:alnum:]+$]", "",
$_POST['photo']);
> > 
> > 
> > 
> >      copy($photo,
"/home/user/public_html/memberfiles/$photofile_name");
> 
> 
> $photofile is NOT the same var as $photofile_name
> 
> from your code above, the ereg_replace will end up doing nothing, 
> because that is not what you are copying.
> 
> look into that before you make any changes.
> 
> also, your copy function is written wrong.  see below for example:
> 
> 
> if that doesn't fix the issue, try using this:
> 
> try this:
>       
>       $t = $_POST['photo'];
> 
>       $t = preg_replace("/&(?!#[0-9]+;)/s", '_', $t );
>       $t = str_replace( "<", "_"  , $t );
>       $t = str_replace( ">", "_"  , $t );
>       $t = str_replace( '"', "_", $t );
>       $t = str_replace( "'", "_", $t );
>       $t = str_replace( "&#032;", "_", $t );
>       $t = str_replace( chr(0xCA), "_", $t );
>       $t = preg_replace( "/javascript/i" , "_", $t );
>       $t = preg_replace( "/alert/i"      , "_", $t );
>       $t = preg_replace( "/about:/i"     , "_", $t );
>       $t = preg_replace( "/onmouseover/i", "_", $t );
>       $t = preg_replace( "/onclick/i"    , "_", $t );
>       $t = preg_replace( "/onload/i"     , "_", $t );
>       $t = preg_replace( "/onsubmit/i"   , "_", $t );
>       $t = preg_replace( "/<body/i"      , "_", $t );
>       $t = preg_replace( "/<html/i"      , "_", $t );
>       $t = preg_replace( "/document\./i" , "_", $t );
> 
>       copy($photo, "/home/user/public_html/memberfiles/" . $t);
> 
> 
> 
> This will convert all random symbols, hacking attempts, and spaces into 
> underscores.




------------------------ Yahoo! Groups Sponsor --------------------~--> 
<font face=arial size=-1><a 
href="http://us.ard.yahoo.com/SIG=12hf6pomn/M=362335.6886445.7839731.1510227/D=groups/S=1705005703:TM/Y=YAHOO/EXP=1123866776/A=2894361/R=0/SIG=13jmebhbo/*http://www.networkforgood.org/topics/education/digitaldivide/?source=YAHOO&cmpgn=GRP&RTP=http://groups.yahoo.com/";>In
 low income neighborhoods, 84% do not own computers. At Network for Good, help 
bridge the Digital Divide!</a>.</font>
--------------------------------------------------------------------~-> 

Community email addresses:
  Post message: [email protected]
  Subscribe:    [EMAIL PROTECTED]
  Unsubscribe:  [EMAIL PROTECTED]
  List owner:   [EMAIL PROTECTED]

Shortcut URL to this page:
  http://groups.yahoo.com/group/php-list 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/php-list/

<*> To unsubscribe from this group, send an email to:
    [EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
 



Reply via email to