Stripping out all illegal characters for a folder name

Folks,

I'm taking some user input, and creating a folder on the server. I'm already
replacing " " with "_", and stripping out a few known illegal characters (',
", /, \, etc). I need to be sure that I'm stripping out every character that
cannot be used for a folder name. What's the best way to do this? Do I have
to manually come up with a comprehensive list of illegal characters, and
then str_replace() them one by one?

There's gotta be a better way to do this...

Joseph

Joseph Szobody wrote:

>Folks,
>
>I'm taking some user input, and creating a folder on the server. I'm already
>replacing " " with "_", and stripping out a few known illegal characters (',
>", /, \, etc). I need to be sure that I'm stripping out every character that
>cannot be used for a folder name. What's the best way to do this? Do I have
>to manually come up with a comprehensive list of illegal characters, and
>then str_replace() them one by one?
>
>

I think you should use the reverse solution : have a list of authorized
characters and strip out all others ones.

>There's gotta be a better way to do this...
>
>Joseph
>
>

Sorry for the reply to the reply, but OExpress won't let me reply to
newsgroup posts...

From: "Sophie Mattoug" <sophie@sitadelle.com>
> Joseph Szobody wrote:
> >I'm taking some user input, and creating a folder on the server. I'm
already
> >replacing " " with "_", and stripping out a few known illegal characters
(',
> >", /, \, etc). I need to be sure that I'm stripping out every character
that
> >cannot be used for a folder name. What's the best way to do this? Do I
have
> >to manually come up with a comprehensive list of illegal characters, and
> >then str_replace() them one by one?
>
> I think you should use the reverse solution : have a list of authorized
> characters and strip out all others ones.

That's exactly it. You need to change your way of thinking. When ever you
are dealing with user input, you want to define what is GOOD and only allow
that. If you try to define what is BAD, you'll leave something out.

As for an answer:

$safe_foldername = preg_replace('/[^a-zA-Z0-9]/','',$unsafe_foldername);

That'll remove anything that's not a letter or number. Adapt to your needs.

---John Holmes...

* Thus wrote Sophie Mattoug (sophie@sitadelle.com):
> Joseph Szobody wrote:
>
> >I'm taking some user input, and creating a folder on the server. I'm
> >already
> >replacing " " with "_", and stripping out a few known illegal characters
> >(',
> >", /, \, etc). I need to be sure that I'm stripping out every character
> >that
> >cannot be used for a folder name. What's the best way to do this? Do I have
> >to manually come up with a comprehensive list of illegal characters, and
> >then str_replace() them one by one?
> >
>
> I think you should use the reverse solution : have a list of authorized
> characters and strip out all others ones.

I'd approach it the same way.

preg_replace('/[^A-Za-z0-9_]/', '_', $dirname);


Curt
--
"My PHP key is worn out"

PHP List stats since 1997:
http://zirzow.dyndns.org/html/mlists/

On Thursday, November 27, 2003, at 03:12 AM, Curt Zirzow wrote:

> I'd approach it the same way.
> preg_replace('/[^A-Za-z0-9_]/', '_', $dirname);

I totally agree with Curt here.

Justin French