Making strings filesystem compliant

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi group,

I'm managing a website where users can upload files to songs, and the
filenames are generated from the song's title and composer. On another page
there's a form that allows to upload a file with a remark. And this remark
could contain any character.

All those information for new filenames may contain characters that are
invalid, at least on FAT and NTFS, such as '*', ':', and '?'.

Is there a ready-to-use function that would correct a string so it doesn't
contain any of those chars, or do I have to rely on my own lookup table
(for which I can't anticipate anything that might happen)?

Thanks in advance for some helpful hints.
Gru▀ | Greetings | Qapla'
DŘsseldorf ist nur halb so gro▀ wie der Friedhof von New York,
aber doppelt so tot.

Re: Making strings filesystem compliant

Frank Steinmetzger escribiˇ:
Quoted text here. Click to load it

If you try to create a folder called "<" in Windows you get a full list
of banned chars. (Also, I suppose it's documented somewhere in MSDN.)

However, I would only use user provided names for download headers and
maybe URLs. It's more reliable to store files with a temporary name
generated with, e.g., uniqid().

-- - ┴lvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programaciˇn web:
-- Mi web de humor satinado:

Re: Making strings filesystem compliant

Quoted text here. Click to load it

The real problem is that these characters are perfectly valid on an
NTFS or DOS filesystem - but the MS operating systems apply non-file
semantics when opening the thing again. You'll need to maintain your
own character list.

$array_of_disallowed_chars =array(':',';','*','?','|','&',"'",'"');
$array_of_replacement_chars, $calculated_name);

should do what you want. But it would be safer to use a whitelist:



Re: Making strings filesystem compliant


on 06/24/2009 10:58 PM Frank Steinmetzger said the following:
Quoted text here. Click to load it

It is a bad idea to use the original uploaded file names in the files
stored on the server.

Even if you filter some characters you may end up with names that are
special for some OS or file systems. For instance, if you use COM as
file name on Windows it will fail because that is a special name.

It is safer that you store the file names in a database record and use
the record primary key integer as file name.


Manuel Lemos

Find and post PHP jobs /

PHP Classes - Free ready to use OOP components written in PHP /

Re: Making strings filesystem compliant

I don't agree using a list of banned characters because you might find
a character that you did not account for. If you are going to replace
invalid character, replace anything that is not a-z and 0-9 with an

I would md5($filename).'.txt' the submitted filename but i am just

The idea about storing the filename into a database then using an
index reference is the best way to do it so don't listen to me.

Site Timeline