PHP: How to sanitize uploaded filenames?

php file-upload sanitization
frooyo picture frooyo · Sep 21, 2010 · Viewed 12.8k times · Source

I have a PHP application.

I allow users to upload files to my web application.

Question: What's the best way for me to sanitize the file names of the uploaded documents $_FILES["filename"]["tmp_name"] in PHP?

UPDATE:

Can I take an MD5 of the uploaded filename and use that as the newly assigned filename? If so, how do I do that in PHP?

Answer

Adam Byrtek picture Adam Byrtek · Sep 21, 2010

I bet that you also store some information about the file in the database. If this is correct, then you can use the primary key (ID) as a filename on your server and preserve the original filename in the database. This gives you greater flexibility, because you can manipulate the metadata without renaming the actual file.

Related questions

Multiple file upload in php

I want to upload multiple files and store them in a folder and get the path and store it in the database... Any good example you looked for doing multiple file upload... Note: Files can be of any type...

Read More
How to rename uploaded file before saving it into a directory?

Below is the code I used in order to upload files into a directory. It works fine. My main question is: move_uploaded_file() is the one that saves the uploaded file into the directory, and it is also my …

Read More
Multiple Image Upload PHP form with one input

I've been trying to make this work for quite some time now. But I can't seem to make it work. I wanted to have a multiple image upload form with only using one input. this is my upload.php <?…

Read More