Solved

File names with & character

Posted on 2016-08-09
6
69 Views
Last Modified: 2016-08-16
I am creating pdf files on a web server; the file name is based on a company name; some companies have the & character in the name, for example, SMITH&JONES.

Will this create an issue by attaching a pdf file with the name like SMITH&JONES.pdf to an email to send to someone? Emails created using phpMailer with attachment on web server.

Can abobe acrobat reader or other 3rd party pdf readers accept file names containing an &?

Thanks
0
Comment
Question by:Richard Korts
6 Comments
 
LVL 31

Accepted Solution

by:
Frosty555 earned 250 total points
ID: 41749079
Assuming everybody escapes the "&" character properly, yes it should work fine.

The ampersand character is not a reserved character for most filesystems, meaning you can put it into filenames in Windows without any trouble and Adobe Reader and other programs will open it no problem.

It IS, however, a special character in URLs, because it denotes the end of one HTTP GET parameter and the start of the next parameter in a URL, e.g. "http://mywebsite.com/somepage.php?param1=foo¶m2=bar".

So if any website (including your own webserver) ever references the file name in the URL, it would need to make sure it is escaped properly, e.g. "http://mywebsite.com/somepage.php?file=SMITH&JONES".

You might also need to properly escape the character if you execute a bash script that references the filename, e.g. "mv /var/lib/foo/SMITH\&JONES.pdf  /foo/bar"

So assuming that the various technologies that you use escape and sanitize user input properly, you should have no problems.
0
 

Author Comment

by:Richard Korts
ID: 41749106
Frosty555,

I am aware of the "Get" consideration; that's what made me think this could be an issue to begin with. Use of & in urls is as you said.

So I think the only remaining question is if I build an email and attach a file named SMITH&JONES.pdf, will that go OK as far as email is concerned?

Thanks,

Richard
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 250 total points
ID: 41749147
Here's my take on it, purely philosophical based on experience and without any instant testing to back it up.

File names are for the computers; they should never matter to the humans at all.  In fact, it is usually best to have a separate "display name" for the humans that is aligned with the true file name through some kind of translation table.

If you do it this way, you can display SMITH&JONES and keep the true (computer) file name out of the (human) display.  This means that you can use only known good values for the file names, avoiding the use of special characters, blanks, URL-sensitive characters, etc.

TL;DR: Use only A-Z, 0-9, and underscore in file names.  You will never have a problem with those characters.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:Richard Korts
ID: 41749245
Ray,

That's what I kind of thought.

Just hoping to avoid some programming mods.

Thanks
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 41749400
No, just fix it.  Get the '&' out of the file names and URLs.  Even & in a URL gets interpreted as '&'.
0
 

Author Comment

by:Richard Korts
ID: 41749444
Yes, Dave.

I'm going to do that.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will receive an overview of the basics of CSS showing inline styles. In the head tags set up your style tags: (CODE) Reference the nav tag and set your properties.: (CODE) Set the reference for the UL element and styles for it to ensu…
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

948 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now