Be sure to be careful with the $_FILES['userfile']['name'] array element. If the client uploads a file that has an apostrophe in the filename it WILL NOT get set to the full name of the file from the client's machine. |
For example, if the client uploads a file named george's car.jpg the $_FILES['userfile']['name'] element will be set to s car.jpg because PHP appears to cut off everything before the apostrophe as well as the apostrophe itself.
This did not happen in some of the previous versions of PHP but I know that it happens in version 4.3.10 so watch out for this.
I thought this was a bug so I submitted it but it turns out that it is a "security measure"
So the fact that you cannot reproduce this MySQL slash problem is because of your version of PHP, not because the v.2.3 classifieds code is doing something special, because it is not. Look at the filenames is the data directory and the products table to see the truncations from PHP itself.
Now downgrade your PHP (who knows to what version) and you will get the same type of "error is near 's pictures 101.jpg" so again IT IS a slashing issue. Further, even though the function fixfilename is in pp-inc.php, the function fixfilename is NOT called on $realname in uploadproduct.php.