multiple characters in eregi

STooPID

well heres the code i have now...

if (eregi('.<>/\', $split_file)) { $error = "$error<p><b>Error:</b> $file_name Contains Invalid Characters.</p>\n"; $inv_char = "1"; };

what im working on is my uploader, and what i want it to do is scan the file name before the extension for the following characters ". and < and > and / and \" well i got the split part so now instead of scanning filename.exe its only scanning filename....that way it wont bother with the "." in the extension...the thing is...ill try to upload a file like "te.xt.txt" and it still allows it when it should come up the message "te.xt.txt Contains Invalid Characters"...what have i done wrong?...

thanks for the help..! 🙂

tsinka

Hi,

try this one (without splitting the filename first):

<?php
$file_name = "test<te.txt";

$error = "";
if (!eregi('^[^.<>/]+\\.[^.]+$', $file_name)) { 
  $error = "$error<p><b>Error:</b> ".htmlspecialchars($file_name)." Contains Invalid Characters.</p>\n"; 
  $inv_char = "1"; 
};
echo $error;
?>

This checks if a file has an extension at all and that the part in front of the . doesn't contain invalid characters. It doesn't check if the extension itself is valid at all.

You need to use htmlspecialchars because < > can mess up your HTML code if you print them as they are.

Thomas