SitePoint Sponsor |
|
User Tag List
Results 1 to 8 of 8
Thread: Invalid Filename Check
-
Aug 20, 2001, 08:37 #1
- Join Date
- Apr 2001
- Location
- Sarnia, Ontario, Canada
- Posts
- 434
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Invalid Filename Check
Hi,
I am making a script that will allow a user to create a page on my site. I only want alphanumerical characters, hyphens, periods, and underscores allowed. As well, two consecutive periods in a row isn't allowed. Here is the script I tried:
PHP Code:<?PHP
if (ereg("^[[:alnum:]][[:alnum:]_.-]*[[:alnum:]]$ ",$filename)) {
if (ereg("..",$filename))
$error = "invalidfname";
else
$error = "none";
}
else
$error = "invalidfname";
.....
if ($error == "invalidfname") {
?>
<FONT color="red">
<B>ERROR: THE FILENAME YOU CHOSE IS INVALID. ONLY
ALPHANUMERICAL CHARACTERS, UNDERSCORES, HYPHENS, AND
PERIODS ARE ALLOWED. TWO CONSECUTIVE PERIODS ARE NOT
ALLOWED. PLEASE MAKE THE NECCESSARY CHANGES BELOW.</B>
</FONT>
<?PHP
}
-
Aug 20, 2001, 08:41 #2
- Join Date
- Apr 2001
- Location
- Sarnia, Ontario, Canada
- Posts
- 434
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
One more thing...
The user doesn't type the extension, as it will always be .php, and later in the script when the file is created the extension will be added.
-
Aug 20, 2001, 08:43 #3
- Join Date
- Jul 2001
- Location
- The Netherlands
- Posts
- 2,617
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Are you sure the .extension-part is not necessary. I have no experience with this, but that could be your problem.
-
Aug 20, 2001, 08:46 #4
- Join Date
- Oct 2000
- Location
- Austin, TX
- Posts
- 1,438
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I've never used ereg functions but here's a preg one that should work okay: preg_match('/^[-a-z0-9_]+(\.[-a-z0-9_]+)*$/i',$filename);
ck :: bringing chris to the masses.
-
Aug 20, 2001, 12:06 #5
- Join Date
- Apr 2001
- Location
- Sarnia, Ontario, Canada
- Posts
- 434
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Thanks Anarchos, your code works as I intended mine too
-
Aug 20, 2001, 17:01 #6
- Join Date
- Jul 2001
- Location
- Missouri
- Posts
- 3,428
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
in the preg functions (maybe ereg too) instead of [a-z0-9_] you can just use \w
- Matt** Ignore old signature for now... **
Dr.BB - Highly optimized to be 2-3x faster than the "Big 3."
"Do not enclose numeric values in quotes -- that is very non-standard and will only work on MySQL." - MattR
-
Aug 21, 2001, 08:02 #7
- Join Date
- Apr 2001
- Location
- Sarnia, Ontario, Canada
- Posts
- 434
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
If that's like the [[:alnum:]] in ereg then it won't be good, because it allows accented characters (à,á,â,ã,ä,å,æ,ç,è,é,ê,ë,ì,í,î,ï,ð,ñ,ò,ó,ô,õ,ö,ù,ú,û,ü,ý,ÿ, and their uppercase counterparts) which I do not wish in filenames.
-
Aug 21, 2001, 16:47 #8
- Join Date
- Jul 2001
- Location
- Missouri
- Posts
- 3,428
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
oh ok. i don't know about that...
Bookmarks