>$SAFEFILENAME = ereg_replace ("[[:punct:]]+[[:blank:]]+", "", $FILENAME);
>
>But that does not seem to be working, and I have not been able to figure
>out why.
It's better to specifically *ALLOW* certain characters than to try to list
all the ones you do *NOT* allow:
# Get rid of gnarly characters in filenames:
$filename = ereg_replace('[^a-zA-Z0-9_\\.-]', '', $photo_name);
$filename = $filename ? $filename : chr(rand(ord('A'),ord('Z'))) .
chr(rand(ord('A'),ord('Z'))) . chr(rand(ord('A'),ord('Z'))) .
chr(rand(ord('A'),ord('Z')));
if (!ereg('[a-zA-Z0-9_-]+[\\.]*[a-zA-Z0-9_-]*', $filename)){
$filename = chr(rand(ord('A'),ord('Z'))) . chr(rand(ord('A'),ord('Z')))
. chr(rand(ord('A'),ord('Z'))) . chr(rand(ord('A'),ord('Z'))) . $filename;
}
Here, I throw out anything that's not alphanumeric, underscore (_), dot
(\\.), or dash (-)
I also accept that fact that some goofball will end up have a file name with
*NOTHING* useful in it, and then I just make a random filename up.
Damned if I know why I felt the need for that last if(){} part...
Maybe ord('Z') should be ord('Y') and I was getting whatever comes after Z
some of the time???
Or perhaps that just adds four more characters on when I *DO* need to make
up random names?
That part looks pretty broken to me right now, but maybe I just need some
sleep.
--
Like Music? http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
