PDA

View Full Version : Can servers add escaping to a file name ?


songboy
10-22-2011, 09:20 PM
Hi - I am trying to get my site working on a remote server. I've had various issues where things work perfectly on an Apache server but not on the host server. I've learned a lot but the latest issue is confusing. My site allows a photo upload and subsequently the file name is changed. Now, if the file name has an apostrophe, normally on localhost it just gets processed and the file name is changed (so the code works). On my server you get the warning can't do this because the file or folder doesn't exist (I had that in development but got over it). I notice however, that on the warning, the apostrophe on the file name is escaped. The worrying thing is I can't exactly remember how my code dealt with this. Here are all the snippets that relate to the file name:

@$fileName = strip_tags(trim($_FILES['writer_photo_file']['name']));
@$tmpName = strip_tags(trim($_FILES['writer_photo_file']['tmp_name']));
@$fileSize = strip_tags(trim($_FILES['writer_photo_file']['size']));
@$fileType = strip_tags(trim($_FILES['writer_photo_file']['type']));

$upload_destin = '../../Local Root/innersongs/writer_photo_final'."//".$fileName;

$fileName = stripslashes($_FILES['writer_photo_file']['name']);

$filePath = $upload_destin;
$result = move_uploaded_file($tmpName, $filePath);


On localhost, the above doesn't throw up an escaping problem.
Is the server putting in 'escaping' ?
If servers do this, how do you stop it.
I also have the same problem on my text area - even though I have a preg_match to indicate that an apostrophe is ok.
I'm not sure what might be going on here.
(Actually, on checking what I've written here, I notice that the add a photo script does not have the mysqli_real_escape_string added - is this it ?)
Thanks -
Songboy

davidj
10-27-2011, 02:56 PM
Are you using addslashes?

songboy
11-06-2011, 09:59 PM
Basically, the host server has magic_quotes_gpc turned on. They gave me my own php.ini file and I turned them off. That particular problem has been sorted.
All the best -
Songboy