arbitter Posted January 27, 2012 Share Posted January 27, 2012 Hi there I allow users to make new albums. For each album they give a full display name, eg "New Years Eve 2012 at Persons' place", and a shorter display eg "New Years Eve 2012". The first string should be stored in a db and should be shown exactly as it is, so for that string I have: <?php //$fullname gets stored in the db $fullname = myql_real_escape_string(htmlentities($fullname)); //when pulled from the db, it is only echoed, nothing else: echo $fullname; ?> Now I presume it is safe so far. Now is the 'tricky' part. Currently this is what I do to the short name: <?php //$shortname gets stored in the database $shortname = mysql_real_escape_string(urlncode(str_replace(' ','',strtolower($shortname)))); ?> Now from this shortname, before the mysql_real_escape_string(), it makes a directory with that name. Now what happens is, if there are special charcters like '@', the '@' changes into '%40'. So the directory would be eg 'fun%40myplace'. The directories get made without a problem, but for some reason my uploader won't upload to this directory. It isn't the uploaders fault because in folders without these special characters there is no problem with uploading. Any ideas on how to fix this, or what the best method is to clean a string for url/directory names? Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted January 28, 2012 Share Posted January 28, 2012 this is what you are looking for $shortname=mysql_real_escape_string(str_replace('%40','@',htmlspecialchars(urlencode($shortname)); Quote Link to comment Share on other sites More sharing options...
.josh Posted January 28, 2012 Share Posted January 28, 2012 IMO best thing is to not allow those special chars at all. Quote Link to comment Share on other sites More sharing options...
arbitter Posted January 28, 2012 Author Share Posted January 28, 2012 this is what you are looking for $shortname=mysql_real_escape_string(str_replace('%40','@',htmlspecialchars(urlencode($shortname)); Well doing this would only prevent the '@' from being formed, but all other special characters could be formed? IMO best thing is to not allow those special chars at all. What is the easiest way to do that? Is there a php function for it or do I have to use regex or..? Quote Link to comment Share on other sites More sharing options...
arbitter Posted January 28, 2012 Author Share Posted January 28, 2012 Okay I found the regex: preg_replace("/[^a-zA-Z0-9]+/", "", $string); Then a strtolower() and I think I'll be set Thanks guy! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.