Posted by Jonathan N. Little on 04/30/06 01:45

Luigi Donatello Asero wrote:
> "Luigi Donatello Asero" <jaggillarfotboll@telia.com> skrev i meddelandet
> news:eDQ4g.54935$d5.209261@newsb.telia.net...
>> "Toby Inkster" <usenet200604@tobyinkster.co.uk> skrev i meddelandet
<snip>
>>> // Convert down to lower case
>>> $name = StrToLower($name);
>>>
>>> // Remove all characters except 0-9 and a-z
>>> $name = pReg_Replace('/[^0-9a-z]/', '', $name);

<snip>

> Do you mean perhaps that it will show a page with 404 error to the user if
> he or she has filled in the form a name which contains forbidden
> characters?


Not necessarily. If you look at the function, he is stripping out all
non-alpha numeric characters, if what is left matches a page that exists
then it would be valid else you would get the 404. Of course one would
normally use the cleaned form input and look up from either a listing or
database for the file. If not found it could use a fall-back page with a
Table of Contents of valid filenames/urls.

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

[Back to original message]