-1

I just created upload script but i have got problem after uploading files

I can see them like this:

enter image description here

After opening file number 1 file is opening perfectly, but problem is when i touch file 2 because this file have spaces or special symbols in name, and opens like this

enter image description here

here is my php files

<?php

$target_dir = "uploads/up/";

$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);

$uploadOk = 1;

$FileType = pathinfo($target_file,PATHINFO_EXTENSION);

// Check if file already exists
if (file_exists($target_file)) {
echo "Sorry, file already exists.";
$uploadOk = 0;
}


// Check file size
if ($_FILES["fileToUpload"]["size"] > 5000000000000) {
echo "Sorry, your file is too large.";
$uploadOk = 0;
}




// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
    echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has 
been             uploaded.";
} else {
    echo "Sorry, there was an error uploading your file.";
}
}
?>

show.php

<?php
$sub = ($_GET['dir']);
$path = 'up';
$path = $path . "$sub";
$dh = opendir($path);
$i=1;







while (($file = readdir($dh)) !==   false) {
if($file != "." && $file != "..") {
    if (substr($file, -4, -3) =="."){


echo "<a href='".htmlspecialchars($path$result)."'>".$file."</a><br>";

    }
    $i++;
}
}

closedir($dh);
?>
Giorgi Shonia
  • 37
  • 7

1 Answers1

0

The problem is in your show.php here:

<a href='$path$result'>

The ' int he file name is the same used in your href parameter, which breaks it.

Use htmlspecialchars() to avoid this problem.

echo "<a href='".htmlspecialchars($path.$result)."'>".$file."</a><br>";
chrki
  • 6,143
  • 6
  • 35
  • 55