Dream.In.Code > Programming Help > PHP

Welcome to Dream.In.Code
	Getting PHP Help is Easy! Join 99,787 PHP Programmers for FREE! Ask your question and get quick answers from experts. There are 1,573 online right now! We've got more than 500 tutorials and 2,000 snippets. Join and find out why Dream.In.Code is the #1 programming help community on the internet! Registration is fast and FREE... Join Now! Chat LIVE With a PHP Expert Register to Make This Box Go Away!

Help removing special characters from uploaded files

Reply to this topic

Start new topic

Help removing special characters from uploaded files, removing & and single quotes. - Sanitize uploaded file name

Mitchell2038	9 May, 2008 - 11:47 AM Post #1
New D.I.C Head Joined: 9 May, 2008 Posts: 9	In the snippet below I am trying to remove any special character from an uploaded pictures file name. EXAMPLE: Mikes & Lisa's Pictures.jpg In this example I am trying to eliminate the & and single quote. What I wind up with is something like "Mikes & Lisa" and a sub directory called "s Pictures.jpg" or Mikes & Lisa\'s Pictures.jpg In the various combinations I try to eliminate special characters I am just adding more bad files I cant delete to a directory. I have another thread going to try and prevent this in Java from getting here in the first place but want to cover all my bases. Other threads I have read on this subject seem incomplete or the concept doesn't seem to work. Can someone correct or point me in the right direction so that the file copied from the temp upload area has a clean file name when it hits my directory? I marked this as advanced because I haven't seen any code that does this in PHP. If possible I would like to get rid of the # also which just recently started showing up. CODE if (($ext === ".jpg")\|\|($ext === "jpeg")){ $value = htmlspecialchars($value, ENT_QUOTES); $value = preg_replace('&039;/', '_', $value); $NewImageName = $t."-".$value; copy($_FILES[images][tmp_name][$key], "re_images/".$NewImageName); I Had trouble posting all the code so I changed the Preg_Replace with some misc data This post has been edited by Mitchell2038: 9 May, 2008 - 12:17 PM
	This Post Was Helpful! ^New!

Register for Free to Make This Ad Go Away!

Martyr2	9 May, 2008 - 12:27 PM Post #2
Programming Theoretician Joined: 18 Apr, 2007 Posts: 3,967 Thanked 45 times Expert In: C/C++, Java, VB, VB.NET, C#, PHP, Web Development, HTML & CSS, Javascript My Contributions	You can try something like this... php // Collect name of file $strfile = $_FILES['images']['name']; // Replace ampersands and single quotes // (add whatever other symbols to the list, in between the square brackets, if you like). $strreplaced = preg_replace("/[&']/","_",$strfile); if (move_uploaded_file($_FILES['images']['tmp_name'],"re_images/$strreplaced") { // Moved successfully } else { // Move failed } Notice that we use preg_replace and a list of symbols we want to replace (in between square brackets). So if you wanted to remove the # in names you can add it right after the ampersand and singlequote /[&'#]/. This will turn Mike & Lisa's Pictures.jpg into Mike _ Lisa_s Pictures.jpg. Of course if you want to do different replacements for different characters you just need to run the preg_replace a few times across the filename. Hopefully this helps. "At DIC we be character replacing code ninjas... we also replace people we don't like. We don't know how they end up floating face down in the river. shrugg"
	This Post Was Helpful! ^New!

Mitchell2038	9 May, 2008 - 04:10 PM Post #3
New D.I.C Head Joined: 9 May, 2008 Posts: 9	No Worky. I wish it were that easy. This if the file name input Mike & Lisa's House.JPEG This is file it puts in the directory 1210373950-Mike Lisa\s House.JPEG This is the return string 1210373950-Mike%20%20Lisas%20House.JPEG It still Creates a file with the slash in the name. This is the line that I used. CODE $value = preg_replace(" /[&'#]/","",$value);
	This Post Was Helpful! ^New!

Martyr2	9 May, 2008 - 04:55 PM Post #4
Programming Theoretician Joined: 18 Apr, 2007 Posts: 3,967 Thanked 45 times Expert In: C/C++, Java, VB, VB.NET, C#, PHP, Web Development, HTML & CSS, Javascript My Contributions	Well the solution I provide works on replacing simple characters. So there is something else in your code going on. My code is to go before any breaking off of extension or any manipulation of the actual file name. Replacing the characters should be first thing and from there then you can go ahead and check file extension etc. If you need to squeeze out the spaces too, just throw in the \s inside the square brackets. This will remove spaces as well. This isn't going to be a hard solution. Also I hope you are not still using htmlspecialchars because you should only be using that during a display of a filename or storing in a database, not when you are trying to move a file. So give the spaces a try and remove any use of htmlspecialchars when changing the file's name.
	This Post Was Helpful! ^New!

Mitchell2038	9 May, 2008 - 05:28 PM Post #5
New D.I.C Head Joined: 9 May, 2008 Posts: 9	Thanks for the heads up. I think its time I echo out the file names all through the code to try and figure out where exactly this is happening. I took out the HTMLSPECIALCHARACTERS I solved my Java issue in the mean time so I can lax a little. Going to post that now.
	This Post Was Helpful! ^New!

RepulsiveCoder	12 May, 2008 - 02:05 AM Post #6
New D.I.C Head Joined: 12 May, 2008 Posts: 1	QUOTE(Martyr2 @ 9 May, 2008 - 12:27 PM) You can try something like this... php // (add whatever other symbols to the list, in between the square brackets, if you like). $strreplaced = preg_replace("/[&']/","_",$strfile); You can try with stripslashes it'll srtip extra slashes from the file name .. php $strreplaced = stripslashes($strfile);
	This Post Was Helpful! ^New!

joeyadms	12 May, 2008 - 02:17 AM Post #7
D.I.C Head Joined: 4 May, 2008 Posts: 145 Thanked 6 times Dream Kudos: 600 My Contributions	Another suggestion is, if you do not need the file name, try hashing a timestamp for the name. For example if you had a users album, you could store the photo title in one column of the db, and the filename/location in another.
	This Post Was Helpful! ^New!

Fast Reply

Reply to this topic

Start new topic

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Time is now: 7/25/08 01:40AM

Invision Power Board v2.1.7 © 2008 IPS, Inc.

Licensed to: MediaGroup1

Advertising | Terms of Use | Privacy Policy | About Us | Site Map

Forum Index: Programming Help | C and C++ | Visual Basic | Java | VB.NET | C# | ASP.NET | PHP | ColdFusion | Perl and Python | Ruby | Databases | Other Languages | Game Programming | Software Development | Computer Science | Industry News | Programming Tutorials | C++ Tutorials | Visual Basic Tutorials | Java Tutorials | VB.NET Tutorials | C# Tutorials | PHP Tutorials | Linux Tutorials | ColdFusion Tutorials | Windows Tutorials | HTML/JavaScript Tutorials | CSS Tutorials | Flash Tutorials | Web Promotion Tutorials | Photoshop Tutorials | Software Development Tutorials | Database Tutorials | Other Language Tutorials |

Copyright 2001-2008 MediaGroup1 LLC, All Rights Reserved
A MediaGroup1 LLC Production - Version 6.0.2.1.36

Search^Updated!w00t

Over 509,000 Pages! Advanced Forum Search

Live PHP Help!

PHP Tutorials

Reference Sheets

PHP Snippets

Bye Bye Ads

Free DIC T-Shirt

T-Shirt Example

Related Sites

Monthly Drawing

Partners

Top Contributors

Top 10 Kudos This Month

-->