0

we have our code set up to create a directory based on the desired directory name so the user would through html choose a directory name and it would be created based on their name, the obvious problem comes when they enter characters like ?)(#$^&^%$#@/|][{}<>,. or unicode characters as certain characters are not allowed to be within a url.

how would we test the string to replace any illegal characters with _ or ''?

here is the code so far

//Removes illegal characters
$game_name = preg_replace('/[^a-zA-Z0-9/-]/','',$game_name);
//grab current directory name
$currentdirname = dirname(__file__);

//create new directory that uses game_name and current_directory
$game_directory = $currentdirname . '/' . $game_name;

//creates directory
mkdir($game_directory, 0700);
4

2 回答 2

1

爱丽儿的回答几乎很好。他错过了冒号 ':' 和引号 '"',它们是 windows 字典的非法字符。这是我的更新版本,它使 windows NTFS 目录的字符串安全:

$game_name = preg_replace('/[?()#$:"^&%@\/|\[\]{}<>.,\\\]/', '_', $game_name);
于 2012-06-27T21:40:02.780 回答
1

只需扩展现有代码:

$game_name = preg_replace('/[?()#$^&%@\/|\[\]{}<>.,\\\]/', '_', $game_name);

但是用空格替换所有非字母数字字符仍然是一个更安全的选择,因为不同的环境和同一环境中的不同文件系统对文件/目录名称有不同的要求。

于 2012-04-18T03:06:54.177 回答