Mike & Joey, et al -- ...and then Mike Migurski said... % % >What kind of checking/filtering/changing do I need to do on a % >user-submitted string before I can feel comfortable using it to name a ... % >appreciative. Or is this just a Terrible Idea That Should Never Be % >Contemplated?
In general, I'd say the latter, but I'm a little harsh :-) % % A file or directory name in Unix can contain any character, except a Note, however, that allowing many of these characters will cause you no end of headaches. % slash. On mac OS, you also can't use a colon because that was the old mac % way of delimiting directories. I imagine windows has a similar restriction % on the backslash. I think it has to be less than 256 characters as well, Windows has numerous restrictions, both on characters allowed anywhere and special names. The only special characters I would allow are '@.' (in case you're naming after email addresses) and the fairly common '_-' (polite word separators to help your users) which gives us a-z A-Z 0-9 @._- I don't really see a need for a comma, though that could be included as well. Anything else is likely to mess you up when trying to handle it (just try to print a text input box whose value is O'Banion said "come"! or such and have it show up in the browser...). I'm also the type who will kick back an error rather than trying to reformat the string, either in order to get rid of bad chars or to make something unique in the event of a collision. Thus, a simple if ( preg_match('/[EMAIL PROTECTED]/',$string) || file_exists($string) ) { puke() ; } could work nicely. HTH & HAND :-D -- David T-G * There is too much animal courage in (play) [EMAIL PROTECTED] * society and not sufficient moral courage. (work) [EMAIL PROTECTED] -- Mary Baker Eddy, "Science and Health" http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
pgp00000.pgp
Description: PGP signature