file_exists() 用于文件名中包含 (&) 的文件

发布于 2024-08-08 06:34:43 字数 424 浏览 13 评论 0原文

$filename = "Sara & I.mp3";
if (file_exists($filename)) {
 ...
}

如果文件名有“&” PHP 不会为 file_exists 返回 true

我如何在 $filename 中转义“&file_exists 可以工作吗?

已经尝试过 urlecode()urlrawencode()htmlentities() 以及转义 '&'带有反斜杠(\&)...不行

ps。这是在运行 RedHat5 的 Linux 系统上,

提前致谢

$filename = "Sara & I.mp3";
if (file_exists($filename)) {
 ...
}

If the filename has a "&" PHP does not return true for file_exists

How can I escape "&" in the $filename for the file_exists to work?

Already tried urlecode(), urlrawencode(), htmlentities(), and escaping the '&' with a backslash (\&)... no go

ps. this is on a linux system running RedHat5

thanks in advance

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

自由如风 2024-08-15 06:34:43

这些文件是用户上传的吗?我通常会重命名任何上传的文件,仅使用字母 AZ、数字 0-9 和 _ 或 - 加上文件扩展名(如 .pdf),以避免特殊字符出现问题。空格转换为 _。

例如,TYPO3(一个基于 PHP 的大型 CMS)使用这些正则表达式来清理文件名:

$fileName = preg_replace('/[^.[:alnum:]_-]/','_',trim($fileName));  // converting all on alphanumeric chars to _
$fileName = preg_replace('/\.*$/','',$fileName); // removing dot . after file extension

因此 foo&.pdf. 的输入将被转换为 foo.pdf

Are these files uploaded by users? I normally rename any uploaded file to use only letters A-Z, numbers 0-9 and _ or - plus the file extension like .pdf in order to avoid problems with special charachters. Spaces are converted to _.

TYPO3, a large PHP based CMS for example uses these regex in order to clean a filename:

$fileName = preg_replace('/[^.[:alnum:]_-]/','_',trim($fileName));  // converting all on alphanumeric chars to _
$fileName = preg_replace('/\.*$/','',$fileName); // removing dot . after file extension

So a input of foo&.pdf. would be converted to foo.pdf

妄司 2024-08-15 06:34:43

该脚本似乎对我有用。

确保您要检查的文件位于运行脚本的目录中。

使用 getcwd() 查看脚本的运行位置。

例如,如果您的脚本位于 my/scripts/script.php 中
但如果它被 my/other/scripts/index.php 中的另一个脚本包含并调用,那么您的脚本实际上将在 my/other/scripts 目录中运行,而不是像您期望的那样在 my/scripts 目录中运行

The script seems to work for me.

Make sure that the file you're checking is in the directory where your script is run.

use getcwd() to see where your script is running.

e.g. if your script is in my/scripts/script.php
but if it's included and invoked by another script at my/other/scripts/index.php then your script would actually be running in the my/other/scripts directory, NOT in the my/scripts directory as you might expect

ら栖息 2024-08-15 06:34:43

如果它是一个文件,不应该像文件系统期望的那样进行转义吗?难道不应该是类似于 \& 的东西吗?或者也许是基于 unicode 的转义序列(此刻我无法理解;-)?

If it's a file, shouldn't be escape as the filesystem expects it to be? Shouldn't it be something along the lines of \& or maybe the unicode based escape sequence (which escapes me at the moment ;-) ?

夜唯美灬不弃 2024-08-15 06:34:43

我假设您将参数作为 GET 请求传递,例如 script.php?file=this & that.mp3

首先请确保您仔细检查您的输入,以便用户无法删除任意文件。第二:在创建链接时使用 urlencode 对文件名进行编码。 & 的编码字符为 %26

那么你的脚本将被这样调用: script.php?file=this%20%26%20that.mp3%20 是一个空格)

否则你将有另一个GET 变量,即 that.mp3,未分配。 & 用于分隔 GET 请求中的单个参数

编辑
我这边的一个问题:你如何删除你的文件?使用 php 的 unlink 函数?或者在您的系统上使用 exec 并调用 rm ? (这通常非常不安全)。如果您采用第二种方式,则可以使用 escapeshellarg。如果您不转义 shell 输入,您的 shell 会将您的命令解释为两个命令(据我所知,不要相信我的话)

i assume you are passing your parameters as GET requests like script.php?file=this & that.mp3

first be sure you check your input really well, so users can't delete arbitrary files. second: encode your filenames with urlencode when creating the link. the encoded char for & is %26.

your script would be called like this then: script.php?file=this%20%26%20that.mp3 (%20 being a whitespace)

otherwise you will have another GET variable, namely that.mp3, being not assigned. & is used to separate single parameters in your GET request

edit
a question from my side: how do you delete your files? using php’s unlink function? or using exec and calling rm on your system? (which is generally very unsafe). if you’re doing it the second way you could use escapeshellarg. if you don’t escape your shell input, your shell will interpret your command as two commands (afaik, don’t take my word for it)

旧时光的容颜 2024-08-15 06:34:43

& 符号来自哪里 - 用户输入还是它确实在您的脚本中?那里的编码可能存在混淆。

另外,当您对目录执行 glob() 时,您会得到什么结果?带有&符号的文件存在吗?如果您复制并复制会发生什么?粘贴 glob() 输出并在其上运行 file_exists() ?

Where is the ampersand coming from - user input or is it really inside your script? There may be a mix-up in encodings there.

Also, when you do a glob() on the directory, what results do you get? Is the file with the ampersand there? What happens if you copy & paste the glob() output and run file_exists() on it?

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文