Sorry for the reply to the reply, but OExpress won't let me reply to
newsgroup posts...

From: "Sophie Mattoug" <[EMAIL PROTECTED]>
> Joseph Szobody wrote:
> >I'm taking some user input, and creating a folder on the server. I'm already
> >replacing " " with "_", and stripping out a few known illegal characters (',
> >", /, \, etc). I need to be sure that I'm stripping out every character that
> >cannot be used for a folder name. What's the best way to do this? Do I have
> >to manually come up with a comprehensive list of illegal characters, and
> >then str_replace() them one by one?
>
> I think you should use the reverse solution: have a list of authorized
> characters and strip out all other ones.

That's exactly it. You need to change your way of thinking. Whenever you
are dealing with user input, you want to define what is GOOD and only allow
that. If you try to define what is BAD, you'll leave something out.

As for an answer:

$safe_foldername = preg_replace('/[^a-zA-Z0-9]/','',$unsafe_foldername);

That'll remove anything that's not a letter or number. Adapt to your needs.

---John Holmes...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
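
The allowlist approach from the reply above, carried through to folder creation, as an added example that is not part of the original thread. The function names safe_folder_name() and create_user_folder(), the extra allowed characters (underscore and hyphen), the length cap and the sample inputs are assumptions; it also handles two cases the one-liner leaves open: input that strips down to nothing, and two different inputs that map to the same name.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the thread): reduce user input to an
// allowlisted folder name, or return null when nothing usable is left.
function safe_folder_name(string $input, int $maxLen = 64): ?string
{
    // Same convention as the original poster: spaces become underscores.
    $name = str_replace(' ', '_', trim($input));
    // Allowlist: keep ASCII letters, digits, underscore and hyphen only.
    $name = preg_replace('/[^A-Za-z0-9_-]/', '', $name);
    if ($name === null) {
        return null; // PCRE error
    }
    $name = substr($name, 0, $maxLen);
    // Stripping can leave an empty string (e.g. input "../" or "???").
    return $name === '' ? null : $name;
}

// Hypothetical helper: create the folder under $baseDir, refusing empty
// names and names that already exist (two inputs can map to one name).
function create_user_folder(string $baseDir, string $input): string
{
    $name = safe_folder_name($input);
    if ($name === null) {
        throw new InvalidArgumentException('No usable characters in folder name');
    }
    $path = rtrim($baseDir, '/') . '/' . $name;
    if (file_exists($path)) {
        throw new RuntimeException("Folder already exists: $name");
    }
    if (!mkdir($path, 0750)) {
        throw new RuntimeException("Could not create folder: $name");
    }
    return $path;
}

// Constructed sample inputs.
$base = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($base, 0750);
foreach (['My Holiday Photos', '../../etc/passwd', "a\0b.php", '???'] as $in) {
    try {
        echo json_encode($in), ' => ', create_user_folder($base, $in), "\n";
    } catch (Exception $e) {
        echo json_encode($in), ' => rejected: ', $e->getMessage(), "\n";
    }
}
```

Because the dot and both slashes are outside the allowlist, the second and third inputs lose their path separators and extension and end up as plain names directly under the base directory.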
