file_exists() 用于文件名中包含 (&) 的文件
$filename = "Sara & I.mp3";
if (file_exists($filename)) {
...
}
如果文件名有“&” PHP 不会为 file_exists 返回 true
我如何在 $filename 中转义“&” file_exists 可以工作吗?
已经尝试过 urlecode()、urlrawencode()、htmlentities() 以及转义 '&'带有反斜杠(\&)...不行
ps。这是在运行 RedHat5 的 Linux 系统上,
提前致谢
$filename = "Sara & I.mp3";
if (file_exists($filename)) {
...
}
If the filename has a "&" PHP does not return true for file_exists
How can I escape "&" in the $filename for the file_exists to work?
Already tried urlecode(), urlrawencode(), htmlentities(), and escaping the '&' with a backslash (\&)... no go
ps. this is on a linux system running RedHat5
thanks in advance
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
这些文件是用户上传的吗?我通常会重命名任何上传的文件,仅使用字母 AZ、数字 0-9 和 _ 或 - 加上文件扩展名(如 .pdf),以避免特殊字符出现问题。空格转换为 _。
例如,TYPO3(一个基于 PHP 的大型 CMS)使用这些正则表达式来清理文件名:
因此
foo&.pdf.的输入将被转换为foo.pdfAre these files uploaded by users? I normally rename any uploaded file to use only letters A-Z, numbers 0-9 and _ or - plus the file extension like .pdf in order to avoid problems with special charachters. Spaces are converted to _.
TYPO3, a large PHP based CMS for example uses these regex in order to clean a filename:
So a input of
foo&.pdf.would be converted tofoo.pdf该脚本似乎对我有用。
确保您要检查的文件位于运行脚本的目录中。
使用 getcwd() 查看脚本的运行位置。
例如,如果您的脚本位于 my/scripts/script.php 中
但如果它被 my/other/scripts/index.php 中的另一个脚本包含并调用,那么您的脚本实际上将在 my/other/scripts 目录中运行,而不是像您期望的那样在 my/scripts 目录中运行
The script seems to work for me.
Make sure that the file you're checking is in the directory where your script is run.
use getcwd() to see where your script is running.
e.g. if your script is in my/scripts/script.php
but if it's included and invoked by another script at my/other/scripts/index.php then your script would actually be running in the my/other/scripts directory, NOT in the my/scripts directory as you might expect
如果它是一个文件,不应该像文件系统期望的那样进行转义吗?难道不应该是类似于 \& 的东西吗?或者也许是基于 unicode 的转义序列(此刻我无法理解;-)?
If it's a file, shouldn't be escape as the filesystem expects it to be? Shouldn't it be something along the lines of \& or maybe the unicode based escape sequence (which escapes me at the moment ;-) ?
我假设您将参数作为 GET 请求传递,例如 script.php?file=this & that.mp3
首先请确保您仔细检查您的输入,以便用户无法删除任意文件。第二:在创建链接时使用
urlencode对文件名进行编码。&的编码字符为%26。那么你的脚本将被这样调用:
script.php?file=this%20%26%20that.mp3(%20是一个空格)否则你将有另一个GET 变量,即
that.mp3,未分配。&用于分隔 GET 请求中的单个参数编辑
我这边的一个问题:你如何删除你的文件?使用 php 的
unlink函数?或者在您的系统上使用exec并调用rm? (这通常非常不安全)。如果您采用第二种方式,则可以使用escapeshellarg。如果您不转义 shell 输入,您的 shell 会将您的命令解释为两个命令(据我所知,不要相信我的话)i assume you are passing your parameters as GET requests like
script.php?file=this & that.mp3first be sure you check your input really well, so users can't delete arbitrary files. second: encode your filenames with
urlencodewhen creating the link. the encoded char for&is%26.your script would be called like this then:
script.php?file=this%20%26%20that.mp3(%20being a whitespace)otherwise you will have another GET variable, namely
that.mp3, being not assigned.&is used to separate single parameters in your GET requestedit
a question from my side: how do you delete your files? using php’s
unlinkfunction? or usingexecand callingrmon your system? (which is generally very unsafe). if you’re doing it the second way you could useescapeshellarg. if you don’t escape your shell input, your shell will interpret your command as two commands (afaik, don’t take my word for it)& 符号来自哪里 - 用户输入还是它确实在您的脚本中?那里的编码可能存在混淆。
另外,当您对目录执行 glob() 时,您会得到什么结果?带有&符号的文件存在吗?如果您复制并复制会发生什么?粘贴 glob() 输出并在其上运行 file_exists() ?
Where is the ampersand coming from - user input or is it really inside your script? There may be a mix-up in encodings there.
Also, when you do a glob() on the directory, what results do you get? Is the file with the ampersand there? What happens if you copy & paste the glob() output and run file_exists() on it?