homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

When to stripslashes?

 1:34 am on Sep 19, 2009 (gmt 0)

I'm newish to PHP and I've got an open source file repository that I'm trying to make upload file names with apostrophes in them. They upload fine but when they land they've got "\"s before any apostrophes in the filenames. I feel like stripslashes is the command I need to use, I'm just not quite sure where to add it in.

Here's a clipping of the code marked "uploading"

if (isset($_FILES['file'])) {
if ($config['protect_upload']) authorize();

function uploadfile($file) {
global $config, $lang, $max_filesize, $errormsg,$dir;

if ($file['error']!=0) {
$errormsg = $lang['upload_error'][$file['error']];

//determine filename
if (isset($_POST['filename']) && $_POST['filename']!="") $filename=$_POST['filename'];
$ext = $filename[count($filename)-1];

if (!in_array(strtolower(extname($filename)), $config['allowed_ext'])) {
$errormsg = $lang['upload_badext'];

if ($filesize > $max_filesize) {
$errormsg = $lang['upload_error_sizelimit'].' ('.getfilesize($max_filesize).').';

$filedest = $config['storage_path'].'/'.$filename;
if (file_exists($filedest) && !$config['allow_overwrite']) {
$errormsg = "$filename ".$lang['upload_error_fileexist'];

if (!file_exists($filesource)) {
$errormsg = "$filesource do no exist!";
} else if (!move_uploaded_file($filesource,$filedest)) {
if (!rename($filesource,$filedest)) {
$errormsg = $lang['upload_error_nocopy'];

if ($errormsg=="") {
chmod ($filedest, 0755);
if ($config['log_upload']) logadm($lang['UPLOAD'].' '.$filedest);
$loc = rooturl();
if (sizeof($dir)>0) $loc .= join("/",$dir)."/";
Header("Location: ".$loc);

Thanks in advance for any advice you may have.



 3:34 am on Sep 19, 2009 (gmt 0)

The "\" is an escape character typically used for special characters such as single quotations or double quotations.
You will want to use the stripslashes() function right before making the file permanent - in other words before the move_uploaded_file().
I would imagine changing to this line would be okay.

$filedest = $config['storage_path'].'/'.stripslashes($filename);


 4:35 am on Sep 19, 2009 (gmt 0)

Perfection! Thank you for your quick and useful help d40sithui, I'd been banging my head on this for a few days now. =)


 3:41 am on Sep 20, 2009 (gmt 0)

Just a quick question. Is there a function that escapes the characters in the first place? I'm assuming it's necessary to do that for parsing reasons?

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved