It's not as straightforward as it seems.
Originally Posted by dmac
When PHP accepts an uploaded file, it saves the file on the server in a temporary directory (folder) with a perfectly valid and randomly generated name.
For example, if I use your form to upload "My Bad %$@? file name.pdf", PHP accepts the file and saves it as, say "/tmp/A6IM9F.tmp".
FormMail then has two pieces of information to work with:
When FormMail attaches the file to the email it sends you, it attaches the contents by reading the saved temporary file and puts the original file name in the email header (so your email program knows what the file was and is to be named).
- The actual file name (and its contents) saved on the server ("/tmp/A6IM9F.tmp").
- The original name of the file on the user's computer.
This use of the original name of the file may or may not be valid for your PC. If you have a Windows PC, then certain characters may be problem. If you have Mac or Linux PC, then certain other characters may be a problem.
In other words, there's no universal set of "illegal characters".
If you're saving the file on your server, using FormMail's FILE_REPOSITORY feature, the base file name will be used. So if there are any "/" or "\" (for a Windows server) characters in the uploaded file name only the last component will be used.
It's still possible there are illegal characters in the file name after that and the server may then refuse to save the file - the uploading user will get an error.
These problems are what FormMail's "file_names" renaming feature is there to solve.
When you're attaching the uploaded file to an email, the "file_names" feature simply renames the file as it appears as an attachment in the email. So if, as an uploader, I upload "fred.pdf", you might rename it to "file1.pdf" and that's what is in your received email.
When you're saving to a repository, the "file_names" feature actually renames the file as stored on your server.
This is how you get "safe" file names stored on your server.
So, if you renamed the uploaded file as "file1.pdf", that's what it would be stored as in your server repository.
Of course, if you use the same name for every upload, then that file will be constantly overwritten (or not, depending on the FILE_OVERWRITE setting in FormMail). And that's not much use to you.
So, you would generally use %nextnum% or the user's name or date and time, etc., to generate a unique file name when you rename an uploaded file.
When you use the "file_names" feature, the original name of the file (on the uploader's computer) is still available as the file field name ($fieldname in a template). The new name of the file is available as an automatically created field called "name_of_fieldname" ($name_of_fieldname in a template).
When saving the file in a repository on the server, you can then provide a download link in the email you receive (provided, of course, the repository is accessible on the web).
You generate the correct link using a fixed path and the generated field name.
For example, in an HTML template I'd put this:
Uploaded file: $filefield <br />
Link to download: <a href="http://www.yourserver.com/repository/$name_of_filefield">$filefield</a>