1

I am using this code when trying to upload a file into a directory:

if(move_uploaded_file($_FILES['upl']['tmp_name'], '../'.$acct_id.'/music/'.$playlist.'/'.$_FILES['upl']['name'])){
echo '{"status":"success"}';
exit;
}

It works fine as long as the $playlist variable is a single string (with no spaces)

But when the variable $playlist is something like "Greatest Hits" with the space between the two words, the code will not work?

I did try adding the rawurlencode($playlist) as suggested by a friend but still no luck:

if(move_uploaded_file($_FILES['upl']['tmp_name'], '../'.$acct_id.'/music/'.rawurlencode($playlist).'/'.$_FILES['upl']['name'])){
echo '{"status":"success"}';
exit;
}

I will try to explain a different way.

The problem in the string is with the $playlist variable, not the file name being uploaded.

It appears to me that your suggestion places the "rawurldecode" on the file name being uploaded.

The files that I am uploading do have spaces and they work fine as long as the $playlist has no spaces, so the problem is with the directory title which is being placed inside $playlist.

I have tried: 

- htmlentities($playlist)
- urlencode($playlist)
- urldecode($playlist)
- rawurlencode($playlist)
- rawurldecode($playlist)

Does this make sense? Please help....

Improve this question
9
  • Remove space with dash (-) or score (_) as browsers not supported space in URL. Commented Jan 6, 2015 at 11:39
  • The users are creating the directory names (such as "Greatest Hits" "Hits of the 1980s" and so on). This is a UX issue and I cannot require the users to make playlist names with no spaces... Commented Jan 6, 2015 at 11:41
  • The file names have spaces and they are being uploaded, its just the $playlist string that is causing the problem. Commented Jan 6, 2015 at 11:42
  • 1
    Don't use $_FILES['upl']['name']. It comes from the browser and a hacker might send you a carefully crafted request that could put the uploaded file in whatever directory they want it on your server. It's a big security issue. Commented Jan 6, 2015 at 11:42
  • What if two users want to create playlists with the same name? Why not store playlist names in DB and use the record id in the folder name? Commented Jan 6, 2015 at 11:44

2 Answers 2

Reset to default
2

What about changing spaces to dashes?

$playlist = str_replace(' ', '-', $playlist);

If it's a part of URL, I prefer there small letters, so

$playlist = strtolower(str_replace(' ', '-', $playlist));
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

So when a user creates a new playlist - you are suggesting a replace the spaces (so "Greatest Hits" becomes "Greatest-Hits"). If thats the case, when the user actually displays their list of "Playlists", can I display these back to the original? By some how reversing the process (i.e. replace "-" with spaces). As a UX issue, I can have the directories on the backend titled as you suggest, but they must be displayed more user friendly on the front end.
Same with the lowercase - I can do that on the backend, but when they are displayed on the frontend, they must be upper and lower.
@NetTemple: if you need to present the real dir name, save that into database. Simple table with two columns, name and alias.
May resort to that - but right now its super clean with no SQL queries. I was hoping to keep it super efficient - thank you for the suggestion.
0

Based on Panther's suggestion. I had to use the 

$playlist = str_replace('-', ' ', $playlist);

so in effect, when a user creates a new playlist, the spaces are replaced out with dashes (-) AND LIKEWISE when the playlist is displayed on the user side, I do the opposite and replace out the dashes with the spaces so that it displays properly

$playlist = str_replace(' ', '-', $playlist);

This solved the problem and the upload doesn't have to deal with the dreaded spaces.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.