On Tue, 6 Jan 2004, Dimitri Marshall wrote:
> I had it perfect so that when someone uploaded a picture in a form, it
> uploaded to my server and saved the image name in the database. The
> problem is, what if someone tries saving a picture with an apostraphe ie
> ( ' ) or ( " )? Can someone help me out?"
I'd recommend sanitizing the filename using a function something like:
function clean_filename($fname,$repl="",$regex="/[^-A-Za-z0-9_\.]+/") {
return preg_replace($regex,$repl,$fname); }
$fname = "This is a 'filename'.txt";
$fname1 = clean_filename($fname); // Thisisafilename.txt
$fname2 = clean_filename($fname,"_"); // This_is_a_filename_.txt
I realize this is a very basic function, but it provides a good starting
point. If you want to change the behavior later, you only have to do it in
a single place. Also, it includes defaults that don't need to be specified
with each call, as you'd need to do with preg_replace() alone.
--
Kelly Hallman
// Ultrafancy
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
