Sorry for the reply to the reply, but OExpress won't let me reply to newsgroup posts...
From: "Sophie Mattoug" <[EMAIL PROTECTED]>
> Joseph Szobody wrote:
> >I'm taking some user input, and creating a folder on the server. I'm already
> >replacing " " with "_", and stripping out a few known illegal characters (',
> >", /, \, etc). I need to be sure that I'm stripping out every character that
> >cannot be used for a folder name. What's the best way to do this? Do I have
> >to manually come up with a comprehensive list of illegal characters, and
> >then str_replace() them one by one?
>
> I think you should use the reverse solution: have a list of authorized
> characters and strip out all other ones.

That's exactly it. You need to change your way of thinking. Whenever you are dealing with user input, you want to define what is GOOD and only allow that. If you try to define what is BAD, you'll leave something out.

As for an answer:

    $safe_foldername = preg_replace('/[^a-zA-Z0-9]/','',$unsafe_foldername);

That'll remove anything that's not a letter or number. Adapt to your needs.

---John Holmes...

--
PHP General Mailing List (http://www.php.net/)
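
The allowlist approach from the reply above, carried through to the cases it leaves open (input that strips down to nothing, over-long names, an already existing folder). This is an added example, not code from the thread; the function names, the 64-character limit and the 0750 mode are assumptions.

```php
<?php
// Added example: allowlist-based folder naming. Function names, the length
// limit and the directory mode are assumptions, not from the thread.

/**
 * Reduce untrusted input to an allowlisted folder name.
 * Returns null when nothing usable is left, so the caller can reject it.
 */
function safe_folder_name(string $input, int $maxLen = 64): ?string
{
    // As in the thread: spaces become "_", then only known-good characters survive.
    $name = str_replace(' ', '_', $input);
    $name = preg_replace('/[^a-zA-Z0-9_]/', '', $name);
    if ($name === null) {
        return null; // PCRE error: treat as invalid input
    }
    $name = substr($name, 0, $maxLen);
    // Stripping can leave an empty string (e.g. input "///"); never mkdir that.
    return $name === '' ? null : $name;
}

/**
 * Create the folder under $baseDir. Returns the new path, or null on rejection.
 */
function create_user_folder(string $baseDir, string $input): ?string
{
    $name = safe_folder_name($input);
    $base = realpath($baseDir);
    if ($name === null || $base === false) {
        return null;
    }
    // The name holds no separators or dots, so the path cannot leave $base.
    $path = $base . DIRECTORY_SEPARATOR . $name;
    // mkdir fails if the name already exists; report that instead of reusing it.
    return @mkdir($path, 0750) ? $path : null;
}

// Constructed sample inputs showing what the filter keeps and what it rejects.
foreach (["My Photos", "../../etc/passwd", "a'b\"c\\d", "\0..", "///"] as $raw) {
    $clean = safe_folder_name($raw);
    printf("%-24s => %s\n", json_encode($raw), $clean ?? '(rejected)');
}
```

Two different inputs can reduce to the same name, which is why create_user_folder() treats an existing folder as a failure. On Windows, reserved device names such as CON or NUL consist only of allowed characters and need a separate check.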