I am uploading a file to a php server from my java application and it uploads everything fine but I have noticed if it has a character such as ' in it then the in the file it will be \' not '
for example if I upload the file with the following code in java:
public static void main(String[] args)
{
FILE tmpFile = new FILE(EncryptionUtil.EncryptAndZip("tes't file.txt").getAbsoluteFile().toString());
postData
(
UPLOAD_URL + "?filename=" + URLEncoder.encode(file.getFileName() + ".zip", "utf-8"),
tmpFile.getFileName() + ".zip",
tmpFile.getFileLoader().readAllBytes() // FILE.getFileLoader().readAllBytes() is just a wrapper and reads all bytes from a file to byte[]
);
}
private static final String CrLf = "\r\n";
public static void postData(String url, String filename, byte[] byteData) throws IOException
{
URLConnection conn = null;
InputStream is = null;
OutputStream os = null;
try
{
URL obj = new URL(url);
System.out.println("url:" + obj);
conn = obj.openConnection();
conn.setDoOutput(true);
String message1 = "";
message1 += "-----------------------------4664151417711" + CrLf;
message1 += "Content-Disposition: form-data; name=\"uploadedfile\"; filename=\"" + filename + "\""
+ CrLf;
message1 += "Content-Type: application/octet-stream" + CrLf;
message1 += CrLf;
String message2 = "";
message2 += CrLf + "-----------------------------4664151417711--"
+ CrLf;
conn.setRequestProperty("Content-Type",
"multipart/form-data; boundary=---------------------------4664151417711");
conn.setRequestProperty("Content-Length", String.valueOf((message1
.length() + message2.length() + byteData.length)));
os = conn.getOutputStream();
os.write(message1.getBytes());
int index = 0;
int size = 1024;
do
{
if ((index + size) > byteData.length)
{
size = byteData.length - index;
}
os.write(byteData, index, size);
index += size;
}
while (index < byteData.length);
os.write(message2.getBytes());
os.flush();
is = conn.getInputStream();
char buff = 512;
int len;
byte[] data = new byte[buff];
do
{
len = is.read(data);
if (len > 0)
{
System.out.println(new String(data, 0, len));
}
}
while (len > 0);
}
catch (Exception e)
{
e.printStackTrace();
}
finally
{
try
{
os.close();
}
catch (Exception e)
{
}
try
{
is.close();
}
catch (Exception e)
{
}
try
{
}
catch (Exception e)
{
}
}
}
response from server
url: http://127.0.0.1/cloudstore/upload.php?filename=tes%27t+.txt.zip
name of file user wants to save as: tes\'t file.txt.zip
actual save name: tes\'t file.txt.zip
Array
(
[name] => tes't file.txt.zip
[type] => application/octet-stream
[tmp_name] => /tmp/phpgYl0QT
[error] => 0
[size] => 1274598
)
and below is my php file upload.php
<?php
$target_path = "" . $_GET['filename'];
echo ' name of file user wants to save as: '.$target_path.'<br/>';
if (!file_exists(dirname($target_path))) {
mkdir(dirname($target_path), 0777, true);
}
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "actual save name: ".basename( $_FILES['uploadedfile']['name'])." <br/>";
} else{
echo "There was an error uploading the file, please try again!<br />";
}
print_r($_FILES['uploadedfile']);
?>
what would be causing this issue I think it is php trying to sanitize the input? how would I stop this from occurring?
As wished by the OP, to close the question.
Use stripslashes()
It helps to un-quote a quoted string, which is the cause.
It will change tes\'t to tes't if desired to be saved as such, and if so desired.
From the manual:
An example use of stripslashes() is when the PHP directive magic_quotes_gpc is on (it was on by default before PHP 5.4), and you aren't inserting this data into a place (such as a database) that requires escaping. For example, if you're simply outputting data straight from an HTML form.
이 기사는 인터넷에서 수집됩니다. 재 인쇄 할 때 출처를 알려주십시오.
침해가 발생한 경우 연락 주시기 바랍니다[email protected] 삭제
몇 마디 만하겠습니다