close ad
Databridge V2 with MySQLi support IS Now Available!
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

file upload with apostrophe in filename

Thread began 1/05/2012 4:53 pm by contact318852 | Last modified 1/12/2012 9:35 am by Jason Byrnes | 4492 views | 9 replies |

contact318852

file upload with apostrophe in filename

Hoping for some guidance here if anyone can assist.

I have a form for applications, applicants fill the form, and upload a resume. I also have a backend administration area where human resources can view the applications and make notes on each one.

An unforeseen issue has popped up recently where applicants will upload a resume and include an apostrophe in the file name as in - john doe's resume.pdf -

Somewhere in the process the actual file name gets re-written to john doe\'s resume.pdf and as such the backend admin area can not find the link to that particular file.

As I understand it this addition of the forward slash is a security feature. My question is how can I and where can I alter the code to just have an apostrophe truncated so the file is rewritten as john does resume.pdf with no apostrophe and no forward slash?

cheers

Sign in to reply to this post

Ian S

Hi,

I assume you are using Data Assist to insert the file name into a database field?

What binding are you assigning to the field that contains the file name?

Cheers
Ian

Sign in to reply to this post

contact318852

Hi the only Binding I have assigned is if file exists [NewFileName]_[Increment]

Sign in to reply to this post

Ian S

Funnily enough, I have come across this exact same issue this morning!

I've put some client side validation in place to prevent the file being uploaded if it includes illegal characters.

Cheers
Ian

Sign in to reply to this post

Jason ByrnesWebAssist

add the following code at line 1 of the page you have applied the upload to:

php:
<?php

if(sizeof($_FILES) > 0) {
    foreach(
$_FILES as $k => $v) {
        
$_FILES[$k] = str_replace("'"""$v);
    }
}
?>
Sign in to reply to this post

contact318852

Hi Thank you,

That works in rewriting the database file name from johndoe's.pdf to johndoes.pdf but the actual filename is changed to johndoe\s.pdf and stored in the folder as that.

Should I change the bindings in the file manipulation upload wizard File upload from [FileName] to [Server File Name] ?

Sign in to reply to this post

Jason ByrnesWebAssist

alright, I think the problem is caused by having the magic_quotes_gpc setting in your php.ini file enabled, this is a deprecated setting and should not be enabled on newer ph installation.

to work around the issue, try changing the code block i gave you earlier to:

php:
<?php

if(sizeof($_FILES) > 0) {
    foreach(
$_FILES as $k => $v) {
        
$_FILES[$k] = str_replace(array("\\","'"), ""$v);
    }
}
?>
Sign in to reply to this post

contact318852

Bingo! That did the trick works like a charm

your assistance is greatly appreciated.

Thanks

Kerry

Sign in to reply to this post

Ian S

Originally Said By: contact318852
  Hi Thank you,

That works in rewriting the database file name from johndoe's.pdf to johndoes.pdf but the actual filename is changed to johndoe\s.pdf and stored in the folder as that.

Should I change the bindings in the file manipulation upload wizard File upload from [FileName] to [Server File Name] ?  



Yes, you should bind to the Server File Name value for your Data Assist insert.

Cheers
Ian

Sign in to reply to this post

Jason ByrnesWebAssist

Ian, in this case, Kerry is talking about the setting in the Upload File behavior for If the File Exists.

Not the binding in the data Assist insert record behavior.

in the insert record behavior, the server file name binding should be used, but do not change the If File Exists setting in the upload file behavior to use [Server File Name]. The If file exists setting is used to determine the server file name, so server file name cannot be used as a part of that setting, it would create circular logic.

Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...