sh0wtym3 Posted November 11, 2008 Share Posted November 11, 2008 This a snippet from my upload script. At the moment it replaces spaces with "_" and makes the title lowercase. $file = str_replace(' ', '_', $_POST['title']); $file = strtolower($file); I also have a Javascript code that restricts the user from typing certain characters, such as apostrophes. Apparently Javascript doesn't work on all browsers as a user just uploaded a file, with a title that has an apostrophe in it, which created all sorts of problems for me. I added 3 more lines that will hopefully prevent this from happening in the future: $file = str_replace(' ', '_', $_POST['title']); $file = strtolower($file); ereg_replace($file,$pattern,$replace); $pattern="*^$%&()#@!'"; $replace=""; But it doesn't seem to work? If you need to see more of my code just let me know. Thanks in advance. Link to comment https://forums.phpfreaks.com/topic/132347-solved-restricting-characters/ Share on other sites More sharing options...
premiso Posted November 11, 2008 Share Posted November 11, 2008 You have the $pattern and $replace after the rege_replace is done. In php definitions go first. $file = str_replace(' ', '_', $_POST['title']); $file = strtolower($file); $pattern="*^$%&()#@!'"; $replace=""; ereg_replace($file,$pattern,$replace); Link to comment https://forums.phpfreaks.com/topic/132347-solved-restricting-characters/#findComment-688106 Share on other sites More sharing options...
DarkWater Posted November 11, 2008 Share Posted November 11, 2008 Or you could just do the smart thing and escape all input for use in a database. =/ Link to comment https://forums.phpfreaks.com/topic/132347-solved-restricting-characters/#findComment-688109 Share on other sites More sharing options...
sh0wtym3 Posted November 11, 2008 Author Share Posted November 11, 2008 DarkWater - I'm not sure what you mean Premiso - I tried that but, it still doesn't work For example, a title of "What Can't Be Done" is outputted as: what_can\'t_be_done Link to comment https://forums.phpfreaks.com/topic/132347-solved-restricting-characters/#findComment-688116 Share on other sites More sharing options...
DarkWater Posted November 11, 2008 Share Posted November 11, 2008 That's because you have magic_quotes_gpc() enabled on your server. Check out the stripslashes() function. And I thought you were putting this stuff in a database, so that's where my previous comment came from. If you're not, ignore it. Link to comment https://forums.phpfreaks.com/topic/132347-solved-restricting-characters/#findComment-688117 Share on other sites More sharing options...
premiso Posted November 11, 2008 Share Posted November 11, 2008 I am not good with regex, so if the pattern/replace doesnt work I would take this to the regex forum. As for why it is not working, I just noticed you do not assign what comes out of the regex to a variable IE: ereg_replace($file,$pattern,$replace); should be $file = ereg_replace($file,$pattern,$replace); Hope that works for ya, if not it is the pattern and I am not good with regex =\ Link to comment https://forums.phpfreaks.com/topic/132347-solved-restricting-characters/#findComment-688119 Share on other sites More sharing options...
DarkWater Posted November 11, 2008 Share Posted November 11, 2008 You don't need regex for this, just use stripslashes(). Link to comment https://forums.phpfreaks.com/topic/132347-solved-restricting-characters/#findComment-688123 Share on other sites More sharing options...
premiso Posted November 11, 2008 Share Posted November 11, 2008 You don't need regex for this, just use stripslashes(). I would have to disagree, it seems like he is saving this as a file on the server given that it is an upload script. Files with weird characters in the name tend to get messed up and can cause problems, in fact that is how webservers can be exploited, a user creates a folder on it that has certain characters and bam, they can no longer access that folder or delete it which allows that folder to be accessed by certain programs and a user to do what they want with it such as upload files etc. The point of this wasnt because of the magic_quotes, he wants all special characters our of it. At least that is how I took it. Link to comment https://forums.phpfreaks.com/topic/132347-solved-restricting-characters/#findComment-688128 Share on other sites More sharing options...
DarkWater Posted November 11, 2008 Share Posted November 11, 2008 If he was really concerned about "odd characters" and exploitation of files on the server, he should create unique, random names and store the new name, the original name (for downloading), and MIME data in a database. Link to comment https://forums.phpfreaks.com/topic/132347-solved-restricting-characters/#findComment-688129 Share on other sites More sharing options...
premiso Posted November 11, 2008 Share Posted November 11, 2008 If he was really concerned about "odd characters" and exploitation of files on the server, he should create unique, random names and store the new name, the original name (for downloading), and MIME data in a database. Yep he sure could do that, a bit more work but I would agree that would be the better way if he intends to use this script extensively. Link to comment https://forums.phpfreaks.com/topic/132347-solved-restricting-characters/#findComment-688130 Share on other sites More sharing options...
sh0wtym3 Posted November 11, 2008 Author Share Posted November 11, 2008 DarkWater - I disabled magic quotes in my php.ini file. And you have a good point regarding storing random names as the file name, I'll consider that if I can't get this script to work. Premiso - You are correct, the file that was uploaded with an apostrophe cannot be deleted, renamed, etc. I tried $file = ereg_replace($file,$pattern,$replace); but now I get no output at all I'll look inside the regex forum as suggested. Link to comment https://forums.phpfreaks.com/topic/132347-solved-restricting-characters/#findComment-688133 Share on other sites More sharing options...
sh0wtym3 Posted November 11, 2008 Author Share Posted November 11, 2008 This works: $file = $_POST[title]; $file = preg_replace('#[^a-z0-9]#', '', $file); ... From the RegEx forum Link to comment https://forums.phpfreaks.com/topic/132347-solved-restricting-characters/#findComment-688141 Share on other sites More sharing options...
Psycho Posted November 11, 2008 Share Posted November 11, 2008 If I may, I will make one suggestion. Your script is only replacing "*^$%&()#@!'". What about other "odd" characters that may cause a problem? I always prefer to use a "white list" of approved characters and strip out/replace any others. But, it all depends on your usage. In some situations you may need to keep the original input in other's you don't. Here's one possibility: $_POST['title'] = "This is_a test!@#$%^&*().jpg"; //Change all spaces to underscore $file = str_replace(' ', '_', $_POST['title']); //Remove all NON a-z, 0-9, and underscores $file = preg_replace('/[^\w\.]/i', '', $file); echo $file; //Output: This_is_a_test.jpg Link to comment https://forums.phpfreaks.com/topic/132347-solved-restricting-characters/#findComment-688142 Share on other sites More sharing options...
sh0wtym3 Posted November 11, 2008 Author Share Posted November 11, 2008 Thanks MJ, that works too. Better than the script I posted above you might I add Link to comment https://forums.phpfreaks.com/topic/132347-solved-restricting-characters/#findComment-688146 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.