 Posted by shimmyshack on 05/14/07 00:28 
On May 13, 11:25 pm, Alfred Molon <alfred_molonCAN...@yahoo.com> 
wrote: 
> In article <1179093340.453709.241...@n59g2000hsh.googlegroups.com>, 
> matt.fa...@gmail.com says... 
> 
> > alfred, i use php uploads with single quotes just fine, it copes with 
> > a large range of characters including single quotes. 
> > you say "the uploads dont work properly" but I am unclear as to what 
> > that means, where does the process fail? I just think it's a coding/ 
> > config issue, the actual upload functionality will remain completely 
> > unaffected - if your system is set up properly. 
> 
> It's a shared host and I can not set the system. 
> 
> In any case what happens, is that the image will upload and be stored in 
> the temporary , but then the PHP code will mess up the filename. 
> 
> For instance, if I upload the file "Al Azhar's mosque Cairo.jpg" (with 
> the apostrophe), the PHP code will automatically convert the filename to 
> "Al Azhar\'s mosque Cairo.jpg" (i.e. insert a backslash) and store a 
> file named "Al Azhar\'s mosque Cairo.jpg" in the temporary directory. 
> 
> Then for mysterious reasons it will convert the filename to
> "Al Azhar\\\'s mosque Cairo.jpg" (i.e. insert two more backslashes). This happens
> after the filename has been passed as a POST parameter to another 
> script. 
> 
> Perhaps I should process the filename with rawurlencode or htmlentities 
> before passing it as a POST parameter to the other script. 
> -- 
> 
> Alfred Molon http://www.molon.de - Photos of Asia, Africa and Europe
 
This is "magic quotes", a waste of time, and kinda dangerous.
You can use stripslashes to remove the slashes. 2 more come because
once there is one, it is seen by the next function along and gets
preserved. How do you preserve a backslash? You add 2 backslashes, one
to escape the original one, and a second to escape the 2nd to show
that it is to be interpreted as "real".
As I say, this is a config issue. You can probably set magic quotes to
off using ini_set, which I recommend; you are then responsible for
filtering and managing user input, but at least it becomes more
predictable.
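
The escaping described in this post, reproduced as an added example (not code from the thread): `addslashes()` stands in for what magic quotes did to POST values, and it is applied once per hop to show how one backslash becomes three. The helper names `undo_escaping` and `safe_upload_name` are hypothetical, and the filename filter is one possible policy for the "filtering and managing user input" the post mentions.

```php
<?php
// Constructed sample input: the filename quoted in the post.
$original = "Al Azhar's mosque Cairo.jpg";

// First hop: magic quotes escape the apostrophe in the submitted value.
$afterUpload = addslashes($original);

// Second hop: the already-escaped value is posted to another script.
// The existing backslash is escaped as well as the apostrophe, so one
// backslash turns into three.
$afterRepost = addslashes($afterUpload);

// Remove one layer of escaping for each hop the value went through.
function undo_escaping(string $value, int $hops): string
{
    for ($i = 0; $i < $hops; $i++) {
        $value = stripslashes($value);
    }
    return $value;
}

// Once the slashes are gone, escaping no longer protects anything, so the
// client-supplied name is filtered explicitly: keep only the last path
// component, replace everything outside a small allow-list, and refuse
// names that start with a dot or end up empty.
function safe_upload_name(string $clientName): string
{
    $name = basename(str_replace('\\', '/', $clientName));
    $name = preg_replace('/[^A-Za-z0-9._ -]/', '_', $name);
    $name = ltrim($name, '.');
    return $name === '' ? 'upload' : $name;
}

$restored = undo_escaping($afterRepost, 2);

echo "after upload: ", $afterUpload, "\n";
echo "after repost: ", $afterRepost, "\n";
echo "restored:     ", $restored, "\n";
echo "stored as:    ", safe_upload_name($restored), "\n";
```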
 
  