I have a form where users can upload files, and I’d like to name the file something along the lines of [id]_[lastname]_[firstname].pdf. The name is entered by the user, and I’m afraid of them entering something with a slash in it. Otherwise, something like $path = $dir.$filename could result in $path = 'uploads/2_smith_john/hahaimajerk.pdf' if the firstname is john/hahaimajerk.
I don’t really want to force users to restrict their names to anything; I don’t mind changing their names a little in the file name as long as I can tell the original name. What characters do I need to escape, or is there some other way to do this? Or…do I just use mysql_real_escape_string?
mysql_real_escape_string won’t escape slashes. Even escapeshellarg won’t do it. You will have to use str_replace:
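An added example, not part of the original answer: it goes beyond replacing slashes and allow-lists the characters kept in each name part, so the [id]_[lastname]_[firstname].pdf name can never leave the upload directory. The function names safe_name_part and build_upload_path, the "unknown" fallback and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: reduce one user-supplied name part to a safe token.
function safe_name_part(string $value): string
{
    // Keep Unicode letters and digits; every other run of characters
    // (slashes, backslashes, dots, NUL, spaces, underscores) becomes "-".
    // Underscores are excluded so "_" stays an unambiguous field separator.
    // preg_replace returns null on invalid UTF-8, which falls back to "".
    $clean = preg_replace('/[^\p{L}\p{N}]+/u', '-', $value) ?? '';
    $clean = trim($clean, '-');
    return $clean === '' ? 'unknown' : $clean;
}

// Hypothetical helper: build the destination path inside $dir.
function build_upload_path(string $dir, int $id, string $last, string $first): string
{
    $filename = sprintf('%d_%s_%s.pdf', $id, safe_name_part($last), safe_name_part($first));

    // Defence in depth: refuse any name that still carries a separator or NUL.
    if (strpbrk($filename, "/\\\0") !== false) {
        throw new RuntimeException('unsafe filename');
    }

    // Resolve the upload directory once; the filename is only ever appended to it.
    $base = realpath($dir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('upload directory does not exist');
    }
    return $base . DIRECTORY_SEPARATOR . $filename;
}

// Constructed sample inputs, including the first name from the question.
$samples = [
    ['smith', 'john/hahaimajerk'],
    ['O\'Brien', '../../etc/passwd'],
    ['Müller', 'Zoë'],
    ['///', ''],
];
foreach ($samples as [$last, $first]) {
    echo build_upload_path(sys_get_temp_dir(), 2, $last, $first), PHP_EOL;
}
```

Store the name exactly as the user typed it in the database row for that id; the sanitized file name is then only a label and does not need to be reversible.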