How to replace space " " with underscore "_"

GertK · January 11, 2014, 11:47pm

I need a little help. I have created the below script. A form that save its info to my database and a long with that it create some (2 on different paths) folders on the server.

My issue is that in the form under ”folder” you can type the name of the folder you want to create along with the info that is saved in the database. At the moment everything works just as it should. My request/issue is how do a replace space “ “ from the folder name to an underscore “_”

Means, if someone enters a folder name called “My Folder Photo” I need the script to change the name to: “my_folder_photo” so it will work in urls on the website.

The is my codes so fare:

<?php
include "../config.php";
if(isset($_POST['send']))
{
mysql_query("insert into profiles set name= '".$_POST["name"]."', age= '".$_POST["age"]."', country = '".$_POST["country"]."', folder = '".$_POST["folder"]."'");

$folder = $_POST['folder'];
$path1 = '../game1/photos/' . $folder;
$path2 = '../game2/photos/' . $folder;
mkdir($path1);
mkdir($path2);
header("Location: myprofile-new-step2.php");

exit;
}

?>


<form method="post" action="<?=$_SERVER["PHP_SELF"]?>" name="myform" id="myform">
<table bgcolor="#FFFFFF"  border="0" align="center"><tr><td width="70">
Name:
</td><td width="270">
<input type="text" name="name" size="40">
</td><td>

</td></tr><tr><td>
Age:
</td><td>
<input type="text" name="age" size="40">
</td><td>

</td></tr><tr><td>
Country:
</td><td>
<select name="country"  data-placeholder="<?=$country?>" class="chosen-select" style="width:250px;" id="<?=$country?>" value="<?=$country?>"  <?= (!empty($country) ? 'checked="checked"' : "")?>>
            <option value="<?=$country?>"></option>
            <option value="United States">United States</option>
            <option value="United Kingdom">United Kingdom</option>
</select>
</td><td>
Enter the country you live in.
</td></tr><tr><td>
Folder:
</td><td>
<input type="text" name="folder" size="40"  id="folder">
</td><td>

</td></tr></table>
<center><br />
<input type="submit" name="send" title="NEXT" value="NEXT"></center>
</form>

Im a new to php so need as much help as possible to figure this out THANKS

John_Betong · January 12, 2014, 1:58am

Try Googling for “php manual str_replace()”.

Be aware that the space may be "%20"and also best to set the final path to lowercase.
Google “php manual strtolower()”

Added:

What happens if two users select the same path name?

Why not use the username + userID or something guaranteed to be unique?

iamjones · January 12, 2014, 11:01pm

strtolower( str_replace( " ", "_", $item ) );

Yeh I agree with John. You should save users stuff to a directory of their user id that way you will not be accidentally overwriting any of your users files.

Also the mysql_* functions are depreciated.

vectorialpx · January 13, 2014, 1:13pm

I hope you don’t have that code on any on-line server.

SQL-injection, from:

mysql_query("insert into profiles set name= '".$_POST["name"]."', age= '".$_POST["age"]."', country = '".$_POST["country"]."', folder = '".$_POST["folder"]."'");

And I can create a bazilion folders on your drive, from:

$folder = $_POST['folder'];
$path1 = '../game1/photos/' . $folder;
mkdir($path1);

My suggestion is to save files into folders organized by date (more exactly by month) and not by username. After a number of 200 000 users the OS will have some speed issues in reading all your folders. So, again, my suggestion is:

<?php

$dateToStore = date('YM');
// store $dateToStore into database

$path1 = '../game1/photos/' . $dateToStore;
$path2 = '../game2/photos/' . $dateToStore;
mkdir($path1);
mkdir($path2); 

?>

And also, this is how you will eliminate the 2nd security issue.
Also, as @iamjones says, you should use PDO and [URL=“http://ro1.php.net/manual/en/pdo.prepared-statements.php”]prepared statements.