blocks|key|3262412|text|//+CLEAN+ILLEGAL+CHARACTERS
function+clean_filename($source_file)
{
++++$search[]+=+"+";
++++$search[]+=+"&";
++++$search[]+=+"$";
++++$search[]+=+",";
++++$search[]+=+"!";
++++$search[]+=+"@";
++++$search[]+=+"#";
++++$search[]+=+"%5E";
++++$search[]+=+"(";
++++$search[]+=+")";
++++$search[]+=+"%2B";
++++$search[]+=+"=";
++++$search[]+=+"[";
++++$search[]+=+"]";

++++$replace[]+=+"_";
++++$replace[]+=+"and";
++++$replace[]+=+"S";
++++$replace[]+=+"_";
++++$replace[]+=+"";
++++$replace[]+=+"";
++++$replace[]+=+"";
++++$replace[]+=+"";
++++$replace[]+=+"";
++++$replace[]+=+"";
++++$replace[]+=+"";
++++$replace[]+=+"";
++++$replace[]+=+"";
++++$replace[]+=+"";

++++return+str_replace($search,$replace,$source_file);

}+|type|code-block|depth|inlineStyleRanges|entityRanges|data|syntax|javascript|3262413|unstyled|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|G|8|@]|9|@]|A|$B|C]]|$1|D|3|-4|5|E|7|H|8|@]|9|@]|A|$]]]|F|$]]

<pre><code>// CLEAN ILLEGAL CHARACTERS
function clean_filename($source_file)
{
 $search[] = " ";
 $search[] = "&amp;";
 $search[] = "$";
 $search[] = ",";
 $search[] = "!";
 $search[] = "@";
 $search[] = "#";
 $search[] = "^";
 $search[] = "(";
 $search[] = ")";
 $search[] = "+";
 $search[] = "=";
 $search[] = "[";
 $search[] = "]";

 $replace[] = "_";
 $replace[] = "and";
 $replace[] = "S";
 $replace[] = "_";
 $replace[] = "";
 $replace[] = "";
 $replace[] = "";
 $replace[] = "";
 $replace[] = "";
 $replace[] = "";
 $replace[] = "";
 $replace[] = "";
 $replace[] = "";
 $replace[] = "";

 return str_replace($search,$replace,$source_file);

} 
</code></pre>

blocks|key|309908|text|我在Chyrp代码中发现了这个更大的函数：|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|309909|/**
+*+Function:+sanitize
+*+Returns+a+sanitized+string,+typically+for+URLs.
+*
+*+Parameters:
+*+++++$string+-+The+string+to+sanitize.
+*+++++$force_lowercase+-+Force+the+string+to+lowercase?
+*+++++$anal+-+If+set+to+*true*,+will+remove+all+non-alphanumeric+characters.
+*/
function+sanitize($string,+$force_lowercase+=+true,+$anal+=+false)+{
++++$strip+=+array("~",+"`",+"!",+"@",+"#",+"$",+"%25",+"%5E",+"&",+"*",+"(",+")",+"_",+"=",+"%2B",+"[",+"{",+"]",
+++++++++++++++++++"}",+"\\",+"%7C",+";",+":",+"\"",+"'",+"&#8216;",+"&#8217;",+"&#8220;",+"&#8221;",+"&#8211;",+"&#8212;",
+++++++++++++++++++"â€”",+"â€“",+",",+"<",+".",+">",+"/",+"?");
++++$clean+=+trim(str_replace($strip,+"",+strip_tags($string)));
++++$clean+=+preg_replace('/\s%2B/',+"-",+$clean);
++++$clean+=+($anal)+?+preg_replace("/[%5Ea-zA-Z0-9]/",+"",+$clean)+:+$clean+;
++++return+($force_lowercase)+?
++++++++(function_exists('mb_strtolower'))+?
++++++++++++mb_strtolower($clean,+'UTF-8')+:
++++++++++++strtolower($clean)+:
++++++++$clean;
}|code-block|syntax|javascript|309910|这是wordpress代码中的一个|309911|/**
+*+Sanitizes+a+filename+replacing+whitespace+with+dashes
+*
+*+Removes+special+characters+that+are+illegal+in+filenames+on+certain
+*+operating+systems+and+special+characters+requiring+special+escaping
+*+to+manipulate+at+the+command+line.+Replaces+spaces+and+consecutive
+*+dashes+with+a+single+dash.+Trim+period,+dash+and+underscore+from+beginning
+*+and+end+of+filename.
+*
+*+@since+2.1.0
+*
+*+@param+string+$filename+The+filename+to+be+sanitized
+*+@return+string+The+sanitized+filename
+*/
function+sanitize_file_name(+$filename+)+{
++++$filename_raw+=+$filename;
++++$special_chars+=+array("?",+"[",+"]",+"/",+"\\",+"=",+"<",+">",+":",+";",+",",+"'",+"\"",+"&",+"$",+"#",+"*",+"(",+")",+"%7C",+"~",+"`",+"!",+"{",+"}");
++++$special_chars+=+apply_filters('sanitize_file_name_chars',+$special_chars,+$filename_raw);
++++$filename+=+str_replace($special_chars,+'',+$filename);
++++$filename+=+preg_replace('/[\s-]%2B/',+'-',+$filename);
++++$filename+=+trim($filename,+'.-_');
++++return+apply_filters('sanitize_file_name',+$filename,+$filename_raw);
}|309912|更新2012年9月|309913|Alix+Axel在这一领域做了一些令人难以置信的工作。他的函数框架包括几个很好的文本过滤器和转换。|309914|309915|Unaccent|unordered-list-item|309916|Slug|309917|Filter|309918|309919|entityMap|0|LINK|mutability|MUTABLE|url|https://github.com/vito/chyrp/blob/35c646dda657300b345a233ab10eaca7ccd4ec10/includes/helpers.php#L515|1|http://wordpress.org/|2|https://stackoverflow.com/users/89771/alix-axel|3|https://github.com/alixaxel/phunction/blob/master/phunction/Text.php#L297|4|https://github.com/alixaxel/phunction/blob/master/phunction/Text.php#L249|5|https://github.com/alixaxel/phunction/blob/master/phunction.php#L301^0|2|5|0|0|0|2|9|1|0|0|0|0|9|2|0|0|0|8|3|0|0|4|4|0|0|6|5|0|0^^$0|@$1|2|3|4|5|6|7|1H|8|@]|9|@$A|1I|B|1J|1|1K]]|C|$]]|$1|D|3|E|5|F|7|1L|8|@]|9|@]|C|$G|H]]|$1|I|3|J|5|6|7|1M|8|@]|9|@$A|1N|B|1O|1|1P]]|C|$]]|$1|K|3|L|5|F|7|1Q|8|@]|9|@]|C|$G|H]]|$1|M|3|N|5|6|7|1R|8|@]|9|@]|C|$]]|$1|O|3|P|5|6|7|1S|8|@]|9|@$A|1T|B|1U|1|1V]]|C|$]]|$1|Q|3|-4|5|6|7|1W|8|@]|9|@]|C|$]]|$1|R|3|S|5|T|7|1X|8|@]|9|@$A|1Y|B|1Z|1|20]]|C|$]]|$1|U|3|V|5|T|7|21|8|@]|9|@$A|22|B|23|1|24]]|C|$]]|$1|W|3|X|5|T|7|25|8|@]|9|@$A|26|B|27|1|28]]|C|$]]|$1|Y|3|-4|5|6|7|29|8|@]|9|@]|C|$]]|$1|Z|3|-4|5|6|7|2A|8|@]|9|@]|C|$]]]|10|$11|$5|12|13|14|C|$15|16]]|17|$5|12|13|14|C|$15|18]]|19|$5|12|13|14|C|$15|1A]]|1B|$5|12|13|14|C|$15|1C]]|1D|$5|12|13|14|C|$15|1E]]|1F|$5|12|13|14|C|$15|1G]]]]

I found this larger function in the <a href="https://github.com/vito/chyrp/blob/35c646dda657300b345a233ab10eaca7ccd4ec10/includes/helpers.php#L515" rel="noreferrer">Chyrp</a> code:

<pre><code>/**
 * Function: sanitize
 * Returns a sanitized string, typically for URLs.
 *
 * Parameters:
 * $string - The string to sanitize.
 * $force_lowercase - Force the string to lowercase?
 * $anal - If set to *true*, will remove all non-alphanumeric characters.
 */
function sanitize($string, $force_lowercase = true, $anal = false) {
 $strip = array("~", "`", "!", "@", "#", "$", "%", "^", "&amp;", "*", "(", ")", "_", "=", "+", "[", "{", "]",
 "}", "\\", "|", ";", ":", "\"", "'", "&amp;#8216;", "&amp;#8217;", "&amp;#8220;", "&amp;#8221;", "&amp;#8211;", "&amp;#8212;",
 "â€”", "â€“", ",", "&lt;", ".", "&gt;", "/", "?");
 $clean = trim(str_replace($strip, "", strip_tags($string)));
 $clean = preg_replace('/\s+/', "-", $clean);
 $clean = ($anal) ? preg_replace("/[^a-zA-Z0-9]/", "", $clean) : $clean ;
 return ($force_lowercase) ?
 (function_exists('mb_strtolower')) ?
 mb_strtolower($clean, 'UTF-8') :
 strtolower($clean) :
 $clean;
}
</code></pre>

and this one in the <a href="http://wordpress.org" rel="noreferrer">wordpress</a> code

<pre><code>/**
 * Sanitizes a filename replacing whitespace with dashes
 *
 * Removes special characters that are illegal in filenames on certain
 * operating systems and special characters requiring special escaping
 * to manipulate at the command line. Replaces spaces and consecutive
 * dashes with a single dash. Trim period, dash and underscore from beginning
 * and end of filename.
 *
 * @since 2.1.0
 *
 * @param string $filename The filename to be sanitized
 * @return string The sanitized filename
 */
function sanitize_file_name( $filename ) {
 $filename_raw = $filename;
 $special_chars = array("?", "[", "]", "/", "\\", "=", "&lt;", "&gt;", ":", ";", ",", "'", "\"", "&amp;", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}");
 $special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);
 $filename = str_replace($special_chars, '', $filename);
 $filename = preg_replace('/[\s-]+/', '-', $filename);
 $filename = trim($filename, '.-_');
 return apply_filters('sanitize_file_name', $filename, $filename_raw);
}
</code></pre>

<h2>Update Sept 2012</h2>

<a href="https://stackoverflow.com/users/89771/alix-axel">Alix Axel</a> has done some incredible work in this area. His phunction framework includes several great text filters and transformations.

<ul>
<li><a href="https://github.com/alixaxel/phunction/blob/master/phunction/Text.php#L297" rel="noreferrer">Unaccent</a></li>
<li><a href="https://github.com/alixaxel/phunction/blob/master/phunction/Text.php#L249" rel="noreferrer">Slug</a></li>
<li><a href="https://github.com/alixaxel/phunction/blob/master/phunction.php#L301" rel="noreferrer">Filter</a></li>
</ul>

blocks|key|307877|text|我不认为有一个要删除的字符列表是安全的。我更倾向于使用以下内容：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|307878|对于文件名:使用内部ID或文件内容的散列。将文档名称保存在数据库中。这样，您可以保留原始文件名，同时仍然可以找到该文件。|307879|对于url参数:使用urlencode()对任何特殊字符进行编码。|offset|length|style|CODE|307880|entityMap^0|0|0|A|B|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|M|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|N|8|@$F|O|G|P|H|I]]|9|@]|A|$]]|$1|J|3|-4|5|6|7|Q|8|@]|9|@]|A|$]]]|K|$]]

I don't think having a list of chars to remove is safe. I would rather use the following:

For filenames: Use an internal ID or a hash of the filecontent. Save the document name in a database. This way you can keep the original filename and still find the file.

For url parameters: Use <code>urlencode()</code> to encode any special characters.

blocks|key|313025|text|试试这个：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|313026|function+normal_chars($string)
{
++++$string+=+htmlentities($string,+ENT_QUOTES,+'UTF-8');
++++$string+=+preg_replace('~&([a-z]{1,2})(acute%7Ccedil%7Ccirc%7Cgrave%7Clig%7Corn%7Cring%7Cslash%7Cth%7Ctilde%7Cuml);~i',+'$1',+$string);
++++$string+=+html_entity_decode($string,+ENT_QUOTES,+'UTF-8');
++++$string+=+preg_replace(array('~[%5E0-9a-z]~i',+'~[+-]%2B~'),+'+',+$string);

++++return+trim($string,+'+-');
}

Examples:

echo+normal_chars('Álix----_Ãxel!?!?');+//+Alix+Axel
echo+normal_chars('áéíóúÁÉÍÓÚ');+//+aeiouAEIOU
echo+normal_chars('üÿÄËÏÖÜŸåÅ');+//+uyAEIOUYaA|code-block|syntax|javascript|313027|根据此帖子中选择的答案：URL+Friendly+Username+in+PHP?|offset|length|313028|entityMap|0|LINK|mutability|MUTABLE|url|https://stackoverflow.com/questions/2103797/url-friendly-username-in-php^0|0|0|C|T|0|0^^$0|@$1|2|3|4|5|6|7|S|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|T|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|U|8|@]|9|@$I|V|J|W|1|X]]|A|$]]|$1|K|3|-4|5|6|7|Y|8|@]|9|@]|A|$]]]|L|$M|$5|N|O|P|A|$Q|R]]]]

Try this:

<pre><code>function normal_chars($string)
{
 $string = htmlentities($string, ENT_QUOTES, 'UTF-8');
 $string = preg_replace('~&amp;([a-z]{1,2})(acute|cedil|circ|grave|lig|orn|ring|slash|th|tilde|uml);~i', '$1', $string);
 $string = html_entity_decode($string, ENT_QUOTES, 'UTF-8');
 $string = preg_replace(array('~[^0-9a-z]~i', '~[ -]+~'), ' ', $string);

 return trim($string, ' -');
}

Examples:

echo normal_chars('Álix----_Ãxel!?!?'); // Alix Axel
echo normal_chars('áéíóúÁÉÍÓÚ'); // aeiouAEIOU
echo normal_chars('üÿÄËÏÖÜŸåÅ'); // uyAEIOUYaA
</code></pre>

Based on the selected answer in this thread: <a href="https://stackoverflow.com/questions/2103797/url-friendly-username-in-php">URL Friendly Username in PHP?</a>

blocks|key|3262615|text|对您的解决方案的一些观察：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3262616|模式末尾的|3262617|'u‘意味着模式，而不是它匹配的文本将被解释为UTF-8+(我假设是后者？)。|ordered-list-item|offset|length|style|BOLD|3262618|\w匹配下划线字符。您特别为文件包含它，这会导致您不希望它们出现在URL中的假设，但是在代码中，您拥有的URL将被允许包含underscore.|3262619|The包含的“外部UTF-8”似乎依赖于区域设置。目前还不清楚这是服务器还是客户端的语言环境。来自PHP文档：|3262620|3262621|3262622|+"word“字符是任何字母或数字或下划线字符，也就是说，可以是Perl+"word”的任何字符。字母和数字的定义由PCRE的字符表控制，如果发生特定于区域设置的匹配，则可能会有所不同。例如，在"fr“(法语)区域设置中，一些大于128的字符代码用于重音字母，这些字符代码由\w.|blockquote|3262623|
匹配|3262624|创建slug|3262625|你可能不应该在你的帖子段塞中包含重音等字符，因为从技术上讲，它们应该是百分比编码的(根据URL编码规则)，这样你就会有丑陋的URL。|3262626|因此，如果我是你，在小写之后，我会将任何“特殊”字符转换为它们的等效字符(例如é->+e)，并将非a-z字符替换为“-”，限制为单个“-”的运行，就像你所做的那样。这里有一个转换特殊字符的实现：https://web.archive.org/web/20130208144021/http://neo22s.com/slug|3262627|一般情况下的卫生|3262628|OWASP有一个企业安全API的PHP实现，其中包括用于安全编码和解码应用程序中的输入和输出的方法。|3262629|编码器接口提供：|3262630|canonicalize+(string+$input,+[bool+$strict+=+true])
decodeFromBase64+(string+$input)
decodeFromURL+(string+$input)
encodeForBase64+(string+$input,+[bool+$wrap+=+false])
encodeForCSS+(string+$input)
encodeForHTML+(string+$input)
encodeForHTMLAttribute+(string+$input)
encodeForJavaScript+(string+$input)
encodeForOS+(Codec+$codec,+string+$input)
encodeForSQL+(Codec+$codec,+string+$input)
encodeForURL+(string+$input)
encodeForVBScript+(string+$input)
encodeForXML+(string+$input)
encodeForXMLAttribute+(string+$input)
encodeForXPath+(string+$input)|code-block|syntax|javascript|3262631|https://github.com/OWASP/PHP-ESAPI+https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API|3262632|entityMap|0|LINK|mutability|MUTABLE|url|https://web.archive.org/web/20130208144021/http://neo22s.com/slug|1|https://github.com/OWASP/PHP-ESAPI|2|https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API^0|0|0|6|2|0|0|0|0|0|0|0|0|0|2P|1T|0|0|0|0|0|0|0|Y|1|Z|1Y|2|0^^$0|@$1|2|3|4|5|6|7|1Q|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|1R|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|1S|8|@$G|1T|H|1U|I|J]]|9|@]|A|$]]|$1|K|3|L|5|F|7|1V|8|@]|9|@]|A|$]]|$1|M|3|N|5|F|7|1W|8|@]|9|@]|A|$]]|$1|O|3|-4|5|6|7|1X|8|@]|9|@]|A|$]]|$1|P|3|-4|5|6|7|1Y|8|@]|9|@]|A|$]]|$1|Q|3|R|5|S|7|1Z|8|@]|9|@]|A|$]]|$1|T|3|U|5|6|7|20|8|@]|9|@]|A|$]]|$1|V|3|W|5|6|7|21|8|@]|9|@]|A|$]]|$1|X|3|Y|5|6|7|22|8|@]|9|@]|A|$]]|$1|Z|3|10|5|6|7|23|8|@]|9|@$G|24|H|25|1|26]]|A|$]]|$1|11|3|12|5|6|7|27|8|@]|9|@]|A|$]]|$1|13|3|14|5|6|7|28|8|@]|9|@]|A|$]]|$1|15|3|16|5|6|7|29|8|@]|9|@]|A|$]]|$1|17|3|18|5|19|7|2A|8|@]|9|@]|A|$1A|1B]]|$1|1C|3|1D|5|6|7|2B|8|@]|9|@$G|2C|H|2D|1|2E]|$G|2F|H|2G|1|2H]]|A|$]]|$1|1E|3|-4|5|6|7|2I|8|@]|9|@]|A|$]]]|1F|$1G|$5|1H|1I|1J|A|$1K|1L]]|1M|$5|1H|1I|1J|A|$1K|1N]]|1O|$5|1H|1I|1J|A|$1K|1P]]]]

Some observations on your solution:

<ol>
<li>'u' at the end of your pattern means that the pattern, and not the text it's matching will be interpreted as UTF-8 (I presume you assumed the latter?). </li>
<li>\w matches the underscore character. You specifically include it for files which leads to the assumption that you don't want them in URLs, but in the code you have URLs will be permitted to include an underscore.</li>
<li>The inclusion of "foreign UTF-8" seems to be locale-dependent. It's not clear whether this is the locale of the server or client. From the PHP docs:</li>
</ol>

<blockquote>
 <blockquote>
 A "word" character is any letter or digit or the underscore character, that is, any character which can be part of a Perl "word". The definition of letters and digits is controlled by PCRE's character tables, and may vary if locale-specific matching is taking place. For example, in the "fr" (French) locale, some character codes greater than 128 are used for accented letters, and these are matched by \w.
 </blockquote>
</blockquote>

<h3>Creating the slug</h3>

You probably shouldn't include accented etc. characters in your post slug since, technically, they should be percent encoded (per URL encoding rules) so you'll have ugly looking URLs.

So, if I were you, after lowercasing, I'd convert any 'special' characters to their equivalent (e.g. é -> e) and replace non [a-z] characters with '-', limiting to runs of a single '-' as you've done. There's an implementation of converting special characters here: <a href="https://web.archive.org/web/20130208144021/http://neo22s.com/slug" rel="noreferrer">https://web.archive.org/web/20130208144021/http://neo22s.com/slug</a>

<h3>Sanitization in general</h3>

OWASP have a PHP implementation of their Enterprise Security API which among other things includes methods for safe encoding and decoding input and output in your application. 

The Encoder interface provides:

<pre><code>canonicalize (string $input, [bool $strict = true])
decodeFromBase64 (string $input)
decodeFromURL (string $input)
encodeForBase64 (string $input, [bool $wrap = false])
encodeForCSS (string $input)
encodeForHTML (string $input)
encodeForHTMLAttribute (string $input)
encodeForJavaScript (string $input)
encodeForOS (Codec $codec, string $input)
encodeForSQL (Codec $codec, string $input)
encodeForURL (string $input)
encodeForVBScript (string $input)
encodeForXML (string $input)
encodeForXMLAttribute (string $input)
encodeForXPath (string $input)
</code></pre>

<a href="https://github.com/OWASP/PHP-ESAPI" rel="noreferrer">https://github.com/OWASP/PHP-ESAPI</a>
<a href="https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API" rel="noreferrer">https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API</a>

blocks|key|3262643|text|我一直在想Kohana+did+a+pretty+good+job+of+it。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|3262644|public+static+function+title($title,+$separator+=+'-',+$ascii_only+=+FALSE)
{
if+($ascii_only+===+TRUE)
{
//+Transliterate+non-ASCII+characters
$title+=+UTF8::transliterate_to_ascii($title);

//+Remove+all+characters+that+are+not+the+separator,+a-z,+0-9,+or+whitespace
$title+=+preg_replace('![%5E'.preg_quote($separator).'a-z0-9\s]%2B!',+'',+strtolower($title));
}
else
{
//+Remove+all+characters+that+are+not+the+separator,+letters,+numbers,+or+whitespace
$title+=+preg_replace('![%5E'.preg_quote($separator).'\pL\pN\s]%2B!u',+'',+UTF8::strtolower($title));
}

//+Replace+all+separator+characters+and+whitespace+by+a+single+separator
$title+=+preg_replace('!['.preg_quote($separator).'\s]%2B!u',+$separator,+$title);

//+Trim+separators+from+the+beginning+and+end
return+trim($title,+$separator);
}|code-block|syntax|javascript|3262645|方便的UTF8::transliterate_to_ascii()将会变成一些像ñ=>+n这样的东西。|style|CODE|3262646|当然，您也可以用mb_*函数替换其他UTF8::*内容。|3262647|entityMap|0|LINK|mutability|MUTABLE|url|http://github.com/kohana/core/blob/master/classes/kohana/url.php#L143^0|5|Y|0|0|0|3|U|0|I|7|0^^$0|@$1|2|3|4|5|6|7|W|8|@]|9|@$A|X|B|Y|1|Z]]|C|$]]|$1|D|3|E|5|F|7|10|8|@]|9|@]|C|$G|H]]|$1|I|3|J|5|6|7|11|8|@$A|12|B|13|K|L]]|9|@]|C|$]]|$1|M|3|N|5|6|7|14|8|@$A|15|B|16|K|L]]|9|@]|C|$]]|$1|O|3|-4|5|6|7|17|8|@]|9|@]|C|$]]]|P|$Q|$5|R|S|T|C|$U|V]]]]

I've always thought <a href="http://github.com/kohana/core/blob/master/classes/kohana/url.php#L143" rel="noreferrer">Kohana did a pretty good job of it</a>.

<pre><code>public static function title($title, $separator = '-', $ascii_only = FALSE)
{
if ($ascii_only === TRUE)
{
// Transliterate non-ASCII characters
$title = UTF8::transliterate_to_ascii($title);

// Remove all characters that are not the separator, a-z, 0-9, or whitespace
$title = preg_replace('![^'.preg_quote($separator).'a-z0-9\s]+!', '', strtolower($title));
}
else
{
// Remove all characters that are not the separator, letters, numbers, or whitespace
$title = preg_replace('![^'.preg_quote($separator).'\pL\pN\s]+!u', '', UTF8::strtolower($title));
}

// Replace all separator characters and whitespace by a single separator
$title = preg_replace('!['.preg_quote($separator).'\s]+!u', $separator, $title);

// Trim separators from the beginning and end
return trim($title, $separator);
}
</code></pre>

The handy <code>UTF8::transliterate_to_ascii()</code> will turn stuff like ñ => n.

Of course, you could replace the other <code>UTF8::*</code> stuff with mb_* functions.

blocks|key|310951|text|根据您将如何使用它，您可能希望添加一个长度限制，以防止缓冲区溢出。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|310952|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

Depending on how you will use it, you might want to add a length limit to protect against buffer overflows.

blocks|key|3048898|text|在文件上传方面，最安全的做法是防止用户控制文件名。正如已经暗示的，将规范化的文件名与随机选择的唯一名称一起存储在数据库中，您将使用该名称作为实际的文件名。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3048899|使用OWASP+ESAPI，可以生成以下名称：|3048900|$userFilename+++=+ESAPI::getEncoder()->canonicalize($input_string);
$safeFilename+++=+ESAPI::getRandomizer()->getRandomFilename();|code-block|syntax|javascript|3048901|您可以将时间戳附加到$safeFilename，以帮助确保随机生成的文件名是唯一的，而无需检查现有文件。|3048902|在URL编码方面，并再次使用ESAPI：|3048903|$safeForURL+++++=+ESAPI::getEncoder()->encodeForURL($input_string);|3048904|此方法在编码字符串之前执行规范化，并将处理所有字符编码。|3048905|entityMap^0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|S|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|T|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|U|8|@]|9|@]|A|$G|H]]|$1|I|3|J|5|6|7|V|8|@]|9|@]|A|$]]|$1|K|3|L|5|6|7|W|8|@]|9|@]|A|$]]|$1|M|3|N|5|F|7|X|8|@]|9|@]|A|$G|H]]|$1|O|3|P|5|6|7|Y|8|@]|9|@]|A|$]]|$1|Q|3|-4|5|6|7|Z|8|@]|9|@]|A|$]]]|R|$]]

In terms of file uploads, you would be safest to prevent the user from controlling the file name. As has already been hinted at, store the canonicalised filename in a database along with a randomly chosen and unique name which you'll use as the actual filename.

Using OWASP ESAPI, these names could be generated thus:

<pre><code>$userFilename = ESAPI::getEncoder()-&gt;canonicalize($input_string);
$safeFilename = ESAPI::getRandomizer()-&gt;getRandomFilename();
</code></pre>

You could append a timestamp to the $safeFilename to help ensure that the randomly generated filename is unique without even checking for an existing file.

In terms of encoding for URL, and again using ESAPI:

<pre><code>$safeForURL = ESAPI::getEncoder()-&gt;encodeForURL($input_string);
</code></pre>

This method performs canonicalisation before encoding the string and will handle all character encodings.

blocks|key|307935|text|为什么不直接使用php的urlencode呢？它用urls的十六进制表示替换“危险”字符(例如，%2520表示空格)|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|307936|entityMap|0|LINK|mutability|MUTABLE|url|http://php.net/urlencode^0|C|9|1C|3|C|9|0|0^^$0|@$1|2|3|4|5|6|7|N|8|@$9|O|A|P|B|C]|$9|Q|A|R|B|C]]|D|@$9|S|A|T|1|U]]|E|$]]|$1|F|3|-4|5|6|7|V|8|@]|D|@]|E|$]]]|G|$H|$5|I|J|K|E|$L|M]]]]

why not simply use php's <a href="http://php.net/urlencode" rel="nofollow noreferrer"><code>urlencode</code></a>? it replaces "dangerous" characters with their hex representation for urls (i.e. <code>%20</code> for a space)

blocks|key|313058|text|这将使您的文件名安全...|type|unstyled|depth|inlineStyleRanges|entityRanges|data|313059|$string+=+preg_replace(array('/\s/',+'/\.[\.]%2B/',+'/[%5E\w_\.\-]/'),+array('_',+'.',+''),+$string);|code-block|syntax|javascript|313060|一个更深层次的解决方案是：|313061|//+Remove+special+accented+characters+-+ie.+sí.
$clean_name+=+strtr($string,+array('Š'+=>+'S','Ž'+=>+'Z','š'+=>+'s','ž'+=>+'z','Ÿ'+=>+'Y','À'+=>+'A','Á'+=>+'A','Â'+=>+'A','Ã'+=>+'A','Ä'+=>+'A','Å'+=>+'A','Ç'+=>+'C','È'+=>+'E','É'+=>+'E','Ê'+=>+'E','Ë'+=>+'E','Ì'+=>+'I','Í'+=>+'I','Î'+=>+'I','Ï'+=>+'I','Ñ'+=>+'N','Ò'+=>+'O','Ó'+=>+'O','Ô'+=>+'O','Õ'+=>+'O','Ö'+=>+'O','Ø'+=>+'O','Ù'+=>+'U','Ú'+=>+'U','Û'+=>+'U','Ü'+=>+'U','Ý'+=>+'Y','à'+=>+'a','á'+=>+'a','â'+=>+'a','ã'+=>+'a','ä'+=>+'a','å'+=>+'a','ç'+=>+'c','è'+=>+'e','é'+=>+'e','ê'+=>+'e','ë'+=>+'e','ì'+=>+'i','í'+=>+'i','î'+=>+'i','ï'+=>+'i','ñ'+=>+'n','ò'+=>+'o','ó'+=>+'o','ô'+=>+'o','õ'+=>+'o','ö'+=>+'o','ø'+=>+'o','ù'+=>+'u','ú'+=>+'u','û'+=>+'u','ü'+=>+'u','ý'+=>+'y','ÿ'+=>+'y'));
$clean_name+=+strtr($clean_name,+array('Þ'+=>+'TH',+'þ'+=>+'th',+'Ð'+=>+'DH',+'ð'+=>+'dh',+'ß'+=>+'ss',+'Œ'+=>+'OE',+'œ'+=>+'oe',+'Æ'+=>+'AE',+'æ'+=>+'ae',+'µ'+=>+'u'));

$clean_name+=+preg_replace(array('/\s/',+'/\.[\.]%2B/',+'/[%5E\w_\.\-]/'),+array('_',+'.',+''),+$clean_name);|313062|这假设您需要在文件名中使用一个点。如果您想将其转换为小写，只需使用|313063|$clean_name+=+strtolower($clean_name);|313064|最后一行。|313065|entityMap^0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|S|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|T|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|U|8|@]|9|@]|A|$]]|$1|I|3|J|5|D|7|V|8|@]|9|@]|A|$E|F]]|$1|K|3|L|5|6|7|W|8|@]|9|@]|A|$]]|$1|M|3|N|5|D|7|X|8|@]|9|@]|A|$E|F]]|$1|O|3|P|5|6|7|Y|8|@]|9|@]|A|$]]|$1|Q|3|-4|5|6|7|Z|8|@]|9|@]|A|$]]]|R|$]]

This should make your filenames safe...

<pre><code>$string = preg_replace(array('/\s/', '/\.[\.]+/', '/[^\w_\.\-]/'), array('_', '.', ''), $string);
</code></pre>

and a deeper solution to this is:

<pre><code>// Remove special accented characters - ie. sí.
$clean_name = strtr($string, array('Š' =&gt; 'S','Ž' =&gt; 'Z','š' =&gt; 's','ž' =&gt; 'z','Ÿ' =&gt; 'Y','À' =&gt; 'A','Á' =&gt; 'A','Â' =&gt; 'A','Ã' =&gt; 'A','Ä' =&gt; 'A','Å' =&gt; 'A','Ç' =&gt; 'C','È' =&gt; 'E','É' =&gt; 'E','Ê' =&gt; 'E','Ë' =&gt; 'E','Ì' =&gt; 'I','Í' =&gt; 'I','Î' =&gt; 'I','Ï' =&gt; 'I','Ñ' =&gt; 'N','Ò' =&gt; 'O','Ó' =&gt; 'O','Ô' =&gt; 'O','Õ' =&gt; 'O','Ö' =&gt; 'O','Ø' =&gt; 'O','Ù' =&gt; 'U','Ú' =&gt; 'U','Û' =&gt; 'U','Ü' =&gt; 'U','Ý' =&gt; 'Y','à' =&gt; 'a','á' =&gt; 'a','â' =&gt; 'a','ã' =&gt; 'a','ä' =&gt; 'a','å' =&gt; 'a','ç' =&gt; 'c','è' =&gt; 'e','é' =&gt; 'e','ê' =&gt; 'e','ë' =&gt; 'e','ì' =&gt; 'i','í' =&gt; 'i','î' =&gt; 'i','ï' =&gt; 'i','ñ' =&gt; 'n','ò' =&gt; 'o','ó' =&gt; 'o','ô' =&gt; 'o','õ' =&gt; 'o','ö' =&gt; 'o','ø' =&gt; 'o','ù' =&gt; 'u','ú' =&gt; 'u','û' =&gt; 'u','ü' =&gt; 'u','ý' =&gt; 'y','ÿ' =&gt; 'y'));
$clean_name = strtr($clean_name, array('Þ' =&gt; 'TH', 'þ' =&gt; 'th', 'Ð' =&gt; 'DH', 'ð' =&gt; 'dh', 'ß' =&gt; 'ss', 'Œ' =&gt; 'OE', 'œ' =&gt; 'oe', 'Æ' =&gt; 'AE', 'æ' =&gt; 'ae', 'µ' =&gt; 'u'));

$clean_name = preg_replace(array('/\s/', '/\.[\.]+/', '/[^\w_\.\-]/'), array('_', '.', ''), $clean_name);
</code></pre>

This assumes that you want a dot in the filename.
if you want it transferred to lowercase, just use

<pre><code>$clean_name = strtolower($clean_name);
</code></pre>

for the last line.

blocks|key|3048923|text|我改编自另一个来源，并添加了几个额外的，也许有点夸张|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3048924|/**
+*+Convert+a+string+into+a+url+safe+address.
+*
+*+@param+string+$unformatted
+*+@return+string
+*/
public+function+formatURL($unformatted)+{

++++$url+=+strtolower(trim($unformatted));

++++//replace+accent+characters,+forien+languages
++++$search+=+array('À',+'Á',+'Â',+'Ã',+'Ä',+'Å',+'Æ',+'Ç',+'È',+'É',+'Ê',+'Ë',+'Ì',+'Í',+'Î',+'Ï',+'Ð',+'Ñ',+'Ò',+'Ó',+'Ô',+'Õ',+'Ö',+'Ø',+'Ù',+'Ú',+'Û',+'Ü',+'Ý',+'ß',+'à',+'á',+'â',+'ã',+'ä',+'å',+'æ',+'ç',+'è',+'é',+'ê',+'ë',+'ì',+'í',+'î',+'ï',+'ñ',+'ò',+'ó',+'ô',+'õ',+'ö',+'ø',+'ù',+'ú',+'û',+'ü',+'ý',+'ÿ',+'Ā',+'ā',+'Ă',+'ă',+'Ą',+'ą',+'Ć',+'ć',+'Ĉ',+'ĉ',+'Ċ',+'ċ',+'Č',+'č',+'Ď',+'ď',+'Đ',+'đ',+'Ē',+'ē',+'Ĕ',+'ĕ',+'Ė',+'ė',+'Ę',+'ę',+'Ě',+'ě',+'Ĝ',+'ĝ',+'Ğ',+'ğ',+'Ġ',+'ġ',+'Ģ',+'ģ',+'Ĥ',+'ĥ',+'Ħ',+'ħ',+'Ĩ',+'ĩ',+'Ī',+'ī',+'Ĭ',+'ĭ',+'Į',+'į',+'İ',+'ı',+'Ĳ',+'ĳ',+'Ĵ',+'ĵ',+'Ķ',+'ķ',+'Ĺ',+'ĺ',+'Ļ',+'ļ',+'Ľ',+'ľ',+'Ŀ',+'ŀ',+'Ł',+'ł',+'Ń',+'ń',+'Ņ',+'ņ',+'Ň',+'ň',+'ŉ',+'Ō',+'ō',+'Ŏ',+'ŏ',+'Ő',+'ő',+'Œ',+'œ',+'Ŕ',+'ŕ',+'Ŗ',+'ŗ',+'Ř',+'ř',+'Ś',+'ś',+'Ŝ',+'ŝ',+'Ş',+'ş',+'Š',+'š',+'Ţ',+'ţ',+'Ť',+'ť',+'Ŧ',+'ŧ',+'Ũ',+'ũ',+'Ū',+'ū',+'Ŭ',+'ŭ',+'Ů',+'ů',+'Ű',+'ű',+'Ų',+'ų',+'Ŵ',+'ŵ',+'Ŷ',+'ŷ',+'Ÿ',+'Ź',+'ź',+'Ż',+'ż',+'Ž',+'ž',+'ſ',+'ƒ',+'Ơ',+'ơ',+'Ư',+'ư',+'Ǎ',+'ǎ',+'Ǐ',+'ǐ',+'Ǒ',+'ǒ',+'Ǔ',+'ǔ',+'Ǖ',+'ǖ',+'Ǘ',+'ǘ',+'Ǚ',+'ǚ',+'Ǜ',+'ǜ',+'Ǻ',+'ǻ',+'Ǽ',+'ǽ',+'Ǿ',+'ǿ');+
++++$replace+=+array('A',+'A',+'A',+'A',+'A',+'A',+'AE',+'C',+'E',+'E',+'E',+'E',+'I',+'I',+'I',+'I',+'D',+'N',+'O',+'O',+'O',+'O',+'O',+'O',+'U',+'U',+'U',+'U',+'Y',+'s',+'a',+'a',+'a',+'a',+'a',+'a',+'ae',+'c',+'e',+'e',+'e',+'e',+'i',+'i',+'i',+'i',+'n',+'o',+'o',+'o',+'o',+'o',+'o',+'u',+'u',+'u',+'u',+'y',+'y',+'A',+'a',+'A',+'a',+'A',+'a',+'C',+'c',+'C',+'c',+'C',+'c',+'C',+'c',+'D',+'d',+'D',+'d',+'E',+'e',+'E',+'e',+'E',+'e',+'E',+'e',+'E',+'e',+'G',+'g',+'G',+'g',+'G',+'g',+'G',+'g',+'H',+'h',+'H',+'h',+'I',+'i',+'I',+'i',+'I',+'i',+'I',+'i',+'I',+'i',+'IJ',+'ij',+'J',+'j',+'K',+'k',+'L',+'l',+'L',+'l',+'L',+'l',+'L',+'l',+'l',+'l',+'N',+'n',+'N',+'n',+'N',+'n',+'n',+'O',+'o',+'O',+'o',+'O',+'o',+'OE',+'oe',+'R',+'r',+'R',+'r',+'R',+'r',+'S',+'s',+'S',+'s',+'S',+'s',+'S',+'s',+'T',+'t',+'T',+'t',+'T',+'t',+'U',+'u',+'U',+'u',+'U',+'u',+'U',+'u',+'U',+'u',+'U',+'u',+'W',+'w',+'Y',+'y',+'Y',+'Z',+'z',+'Z',+'z',+'Z',+'z',+'s',+'f',+'O',+'o',+'U',+'u',+'A',+'a',+'I',+'i',+'O',+'o',+'U',+'u',+'U',+'u',+'U',+'u',+'U',+'u',+'U',+'u',+'A',+'a',+'AE',+'ae',+'O',+'o');+
++++$url+=+str_replace($search,+$replace,+$url);

++++//replace+common+characters
++++$search+=+array('&',+'£',+'$');+
++++$replace+=+array('and',+'pounds',+'dollars');+
++++$url=+str_replace($search,+$replace,+$url);

++++//+remove+-+for+spaces+and+union+characters
++++$find+=+array('+',+'&',+'\r\n',+'\n',+'%2B',+',',+'//');
++++$url+=+str_replace($find,+'-',+$url);

++++//delete+and+replace+rest+of+special+chars
++++$find+=+array('/[%5Ea-z0-9\-<>]/',+'/[\-]%2B/',+'/<[%5E>]*>/');
++++$replace+=+array('',+'-',+'');
++++$uri+=+preg_replace($find,+$replace,+$url);

++++return+$uri;
}|code-block|syntax|javascript|3048925|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

I have adapted from another source and added a couple extra, maybe a little overkill

<pre><code>/**
 * Convert a string into a url safe address.
 *
 * @param string $unformatted
 * @return string
 */
public function formatURL($unformatted) {

 $url = strtolower(trim($unformatted));

 //replace accent characters, forien languages
 $search = array('À', 'Á', 'Â', 'Ã', 'Ä', 'Å', 'Æ', 'Ç', 'È', 'É', 'Ê', 'Ë', 'Ì', 'Í', 'Î', 'Ï', 'Ð', 'Ñ', 'Ò', 'Ó', 'Ô', 'Õ', 'Ö', 'Ø', 'Ù', 'Ú', 'Û', 'Ü', 'Ý', 'ß', 'à', 'á', 'â', 'ã', 'ä', 'å', 'æ', 'ç', 'è', 'é', 'ê', 'ë', 'ì', 'í', 'î', 'ï', 'ñ', 'ò', 'ó', 'ô', 'õ', 'ö', 'ø', 'ù', 'ú', 'û', 'ü', 'ý', 'ÿ', 'Ā', 'ā', 'Ă', 'ă', 'Ą', 'ą', 'Ć', 'ć', 'Ĉ', 'ĉ', 'Ċ', 'ċ', 'Č', 'č', 'Ď', 'ď', 'Đ', 'đ', 'Ē', 'ē', 'Ĕ', 'ĕ', 'Ė', 'ė', 'Ę', 'ę', 'Ě', 'ě', 'Ĝ', 'ĝ', 'Ğ', 'ğ', 'Ġ', 'ġ', 'Ģ', 'ģ', 'Ĥ', 'ĥ', 'Ħ', 'ħ', 'Ĩ', 'ĩ', 'Ī', 'ī', 'Ĭ', 'ĭ', 'Į', 'į', 'İ', 'ı', 'Ĳ', 'ĳ', 'Ĵ', 'ĵ', 'Ķ', 'ķ', 'Ĺ', 'ĺ', 'Ļ', 'ļ', 'Ľ', 'ľ', 'Ŀ', 'ŀ', 'Ł', 'ł', 'Ń', 'ń', 'Ņ', 'ņ', 'Ň', 'ň', 'ŉ', 'Ō', 'ō', 'Ŏ', 'ŏ', 'Ő', 'ő', 'Œ', 'œ', 'Ŕ', 'ŕ', 'Ŗ', 'ŗ', 'Ř', 'ř', 'Ś', 'ś', 'Ŝ', 'ŝ', 'Ş', 'ş', 'Š', 'š', 'Ţ', 'ţ', 'Ť', 'ť', 'Ŧ', 'ŧ', 'Ũ', 'ũ', 'Ū', 'ū', 'Ŭ', 'ŭ', 'Ů', 'ů', 'Ű', 'ű', 'Ų', 'ų', 'Ŵ', 'ŵ', 'Ŷ', 'ŷ', 'Ÿ', 'Ź', 'ź', 'Ż', 'ż', 'Ž', 'ž', 'ſ', 'ƒ', 'Ơ', 'ơ', 'Ư', 'ư', 'Ǎ', 'ǎ', 'Ǐ', 'ǐ', 'Ǒ', 'ǒ', 'Ǔ', 'ǔ', 'Ǖ', 'ǖ', 'Ǘ', 'ǘ', 'Ǚ', 'ǚ', 'Ǜ', 'ǜ', 'Ǻ', 'ǻ', 'Ǽ', 'ǽ', 'Ǿ', 'ǿ'); 
 $replace = array('A', 'A', 'A', 'A', 'A', 'A', 'AE', 'C', 'E', 'E', 'E', 'E', 'I', 'I', 'I', 'I', 'D', 'N', 'O', 'O', 'O', 'O', 'O', 'O', 'U', 'U', 'U', 'U', 'Y', 's', 'a', 'a', 'a', 'a', 'a', 'a', 'ae', 'c', 'e', 'e', 'e', 'e', 'i', 'i', 'i', 'i', 'n', 'o', 'o', 'o', 'o', 'o', 'o', 'u', 'u', 'u', 'u', 'y', 'y', 'A', 'a', 'A', 'a', 'A', 'a', 'C', 'c', 'C', 'c', 'C', 'c', 'C', 'c', 'D', 'd', 'D', 'd', 'E', 'e', 'E', 'e', 'E', 'e', 'E', 'e', 'E', 'e', 'G', 'g', 'G', 'g', 'G', 'g', 'G', 'g', 'H', 'h', 'H', 'h', 'I', 'i', 'I', 'i', 'I', 'i', 'I', 'i', 'I', 'i', 'IJ', 'ij', 'J', 'j', 'K', 'k', 'L', 'l', 'L', 'l', 'L', 'l', 'L', 'l', 'l', 'l', 'N', 'n', 'N', 'n', 'N', 'n', 'n', 'O', 'o', 'O', 'o', 'O', 'o', 'OE', 'oe', 'R', 'r', 'R', 'r', 'R', 'r', 'S', 's', 'S', 's', 'S', 's', 'S', 's', 'T', 't', 'T', 't', 'T', 't', 'U', 'u', 'U', 'u', 'U', 'u', 'U', 'u', 'U', 'u', 'U', 'u', 'W', 'w', 'Y', 'y', 'Y', 'Z', 'z', 'Z', 'z', 'Z', 'z', 's', 'f', 'O', 'o', 'U', 'u', 'A', 'a', 'I', 'i', 'O', 'o', 'U', 'u', 'U', 'u', 'U', 'u', 'U', 'u', 'U', 'u', 'A', 'a', 'AE', 'ae', 'O', 'o'); 
 $url = str_replace($search, $replace, $url);

 //replace common characters
 $search = array('&amp;', '£', '$'); 
 $replace = array('and', 'pounds', 'dollars'); 
 $url= str_replace($search, $replace, $url);

 // remove - for spaces and union characters
 $find = array(' ', '&amp;', '\r\n', '\n', '+', ',', '//');
 $url = str_replace($find, '-', $url);

 //delete and replace rest of special chars
 $find = array('/[^a-z0-9\-&lt;&gt;]/', '/[\-]+/', '/&lt;[^&gt;]*&gt;/');
 $replace = array('', '-', '');
 $uri = preg_replace($find, $replace, $url);

 return $uri;
}
</code></pre>

blocks|key|309973|text|这是一种保护上传文件名的好方法：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|309974|$file_name+=+trim(basename(stripslashes($name)),+".\x00..\x20");|code-block|syntax|javascript|309975|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

This is a nice way to secure an upload filename:

<pre><code>$file_name = trim(basename(stripslashes($name)), ".\x00..\x20");
</code></pre>

blocks|key|313071|text|这不是一个确切的答案，因为它没有提供任何解决方案(目前还没有！)，但它太大了，无法放在评论中……|type|unstyled|depth|inlineStyleRanges|entityRanges|data|313072|313073|我在Windows+7和Ubuntu+12.04上做了一些测试(关于文件名)，我发现：|313074|PHP不能处理非文件名|offset|length|style|BOLD|313075|虽然Windows和Ubuntu都可以处理Unicode文件名(甚至是RTL文件名)，但PHP5.3甚至需要hack才能处理普通的旧ISO-8859-1，所以为了安全起见，最好将其保留为ASCII。|313076|2.文件名的长度很重要(特别是在)|313077|在Ubuntu上，文件名的最大长度(包含扩展名)为255+(不包括路径)：|313078|/var/www/uploads/123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345/|code-block|syntax|javascript|313079|但是，在Windows+7+(NTFS)上，文件名的最大长度取决于其绝对路径：|313080|(0+%2B+0+%2B+244+%2B+11+chars)+C:\1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234\1234567.txt
(0+%2B+3+%2B+240+%2B+11+chars)+C:\123\123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\1234567.txt
(3+%2B+3+%2B+236+%2B+11+chars)+C:\123\456\12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456\1234567.txt|313081|Wikipedia说：|313082|313083|+NTFS允许每个路径组件(目录或文件名)的长度为255个字符。|blockquote|313084|313085|313086|据我所知(和测试)，这是错误的。|313087|如果你去掉256个字符的C:\+(不是255个？！)，那么所有这些例子总共有259个字符。这些目录是使用资源管理器创建的，您会注意到它会限制自己使用目录名称的所有可用空间。这样做的原因是允许使用8.3+file+naming+convention创建文件。同样的事情也会发生在其他分区上。|CODE|313088|当然，文件不需要保留8.3长度的要求：|313089|(255+chars)+E:\12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901.txt|313090|如果父目录的绝对路径超过242个字符，则不能创建更多的子目录，因为256+=+242+%2B+1+%2B+\+%2B+8+%2B+.+%2B+3。使用Windows资源管理器，如果父目录超过233个字符(取决于系统区域设置)，则不能创建另一个目录，因为256+=+233+%2B+10+%2B+\+%2B+8+%2B+.+%2B+3；此处的10是字符串New+folder的长度。|313091|如果你想保证文件系统之间的互操作性，Windows文件系统会带来一个严重的问题。|313092|3.注意保留字符和关键字|313093|除了删除非ASCII、不可打印和控制字符外，还需要重新(放置/移动)：|313094|"*/:<>?\%7C|313095|仅仅删除这些字符可能不是最好的主意，因为文件名可能会失去一些意义。我认为，至少应该用一个下划线(_)来替换这些字符的多次出现，或者是更具代表性的东西(这只是一个想法)：|313096|313097|"*?+_|unordered-list-item|313098|/\%7C+-|313099|:+[+]-[+]|313100|<+(|313101|>+)|313102|+->|313103|也有special+keywords+that+should+be+avoided+(像NUL)，尽管我不确定如何克服它。也许一个带有随机名称后备的黑名单将是解决这个问题的一个好方法。|313104|4.区分大小写|313105|这应该是不言而喻的，但如果你想确保文件在不同操作系统上的唯一性，你应该将文件名转换为规范化的大小写，这样Linux上的my_file.txt和My_File.txt就不会成为Windows上的同一个my_file.txt文件。|313106|5.确保是唯一的|313107|如果文件名已存在，则返回指向其基本文件名的unique+identifier+should+be+appended。|313108|常见的唯一标识符包括UNIX时间戳、文件内容摘要或随机字符串。|313109|6.隐藏文件|313110|它可以被命名并不意味着它应该被命名。|313111|在文件名中，点通常是白名单中的，但在Linux中，隐藏文件用一个前导点表示。|313112|7.其他注意事项|313113|如果必须去掉文件名中的某些字符，则扩展名通常比文件的基名更重要。如果允许使用considerable+maximum+number+of+characters+for+the+file+extension+(8-16)，则应从基本名称中剥离字符。同样重要的是要注意，在不太可能有一个以上的长扩展名的情况下-例如_.graphmlz.tag.gz+-+_.graphmlz.tag，在这种情况下，应该只将_作为文件基名。|313114|8.资源|313115|Calibre很好地处理了文件名的损坏：|313116|313117|/src/calibre/utils/filenames.py|313118|/src/calibre/library/save_to_disk.py|313119|313120|Wikipedia+page+on+file+name+mangling和链接的chapter+from+Using+Samba。|313121|313122|例如，如果您尝试创建一个违反规则1/2/3的文件，您将得到一个非常有用的错误：|313123|Warning:+touch():+Unable+to+create+file+...+because+No+error+in+...+on+line+...|313124|entityMap|0|LINK|mutability|MUTABLE|url|http://en.wikipedia.org/wiki/Filename#Comparison_of_filename_limitations|1|http://en.wikipedia.org/wiki/8.3_filename|2|http://en.wikipedia.org/wiki/Filename#Reserved_characters_and_words|3|https://github.com/alixaxel/phunction/blob/558431470922be267be2758051bb6ee4df8eb8fc/phunction/Disk.php#L508|4|http://alaeddin.tumblr.com/post/337616277/longest-file-extension-ever|5|http://calibre-ebook.com/|6|http://bazaar.launchpad.net/~kovid/calibre/trunk/view/head:/src/calibre/utils/filenames.py|7|http://bazaar.launchpad.net/~kovid/calibre/trunk/view/head:/src/calibre/library/save_to_disk.py|8|http://en.wikipedia.org/wiki/Filename_mangling|9|http://oreilly.com/catalog/samba/chapter/book/ch05_04.html^0|0|0|0|8|3|0|0|G|1|0|0|0|0|0|0|9|0|0|0|7|2|0|0|0|0|G|0|C|3|2P|Q|1|0|0|0|X|T|38|U|46|2|4C|A|0|0|0|C|0|0|0|1C|1|0|0|0|3|4|1|0|3|4|1|0|0|3|4|1|0|3|4|1|0|0|1|2|7|0|1|2|7|0|0|1|2|1|0|1|2|1|0|0|1|2|1|0|1|2|1|0|0|18|3|2|13|2|0|0|7|0|1N|B|1Z|B|2R|B|0|0|8|0|L|10|3|0|0|0|6|0|0|0|0|8|0|4B|H|4V|E|5L|1|12|1S|4|0|0|4|0|0|7|5|0|0|0|V|6|0|0|10|7|0|0|0|10|8|14|O|9|0|0|0|0^^$0|@$1|2|3|4|5|6|7|3Z|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|40|8|@]|9|@]|A|$]]|$1|C|3|D|5|6|7|41|8|@]|9|@]|A|$]]|$1|E|3|F|5|6|7|42|8|@$G|43|H|44|I|J]]|9|@]|A|$]]|$1|K|3|L|5|6|7|45|8|@]|9|@]|A|$]]|$1|M|3|N|5|6|7|46|8|@$G|47|H|48|I|J]]|9|@]|A|$]]|$1|O|3|P|5|6|7|49|8|@]|9|@]|A|$]]|$1|Q|3|R|5|S|7|4A|8|@]|9|@]|A|$T|U]]|$1|V|3|W|5|6|7|4B|8|@]|9|@]|A|$]]|$1|X|3|Y|5|S|7|4C|8|@]|9|@]|A|$T|U]]|$1|Z|3|10|5|6|7|4D|8|@]|9|@$G|4E|H|4F|1|4G]]|A|$]]|$1|11|3|-4|5|6|7|4H|8|@]|9|@]|A|$]]|$1|12|3|13|5|14|7|4I|8|@$G|4J|H|4K|I|J]]|9|@]|A|$]]|$1|15|3|-4|5|6|7|4L|8|@]|9|@]|A|$]]|$1|16|3|-4|5|6|7|4M|8|@]|9|@]|A|$]]|$1|17|3|18|5|6|7|4N|8|@$G|4O|H|4P|I|J]]|9|@]|A|$]]|$1|19|3|1A|5|6|7|4Q|8|@$G|4R|H|4S|I|1B]]|9|@$G|4T|H|4U|1|4V]]|A|$]]|$1|1C|3|1D|5|6|7|4W|8|@]|9|@]|A|$]]|$1|1E|3|1F|5|S|7|4X|8|@]|9|@]|A|$T|U]]|$1|1G|3|1H|5|6|7|4Y|8|@$G|4Z|H|50|I|1B]|$G|51|H|52|I|1B]|$G|53|H|54|I|1B]|$G|55|H|56|I|1B]]|9|@]|A|$]]|$1|1I|3|1J|5|6|7|57|8|@]|9|@]|A|$]]|$1|1K|3|1L|5|6|7|58|8|@$G|59|H|5A|I|J]]|9|@]|A|$]]|$1|1M|3|1N|5|6|7|5B|8|@]|9|@]|A|$]]|$1|1O|3|1P|5|S|7|5C|8|@]|9|@]|A|$T|U]]|$1|1Q|3|1R|5|6|7|5D|8|@$G|5E|H|5F|I|1B]]|9|@]|A|$]]|$1|1S|3|-4|5|6|7|5G|8|@]|9|@]|A|$]]|$1|1T|3|1U|5|1V|7|5H|8|@$G|5I|H|5J|I|J]|$G|5K|H|5L|I|J]|$G|5M|H|5N|I|1B]|$G|5O|H|5P|I|1B]]|9|@]|A|$]]|$1|1W|3|1X|5|1V|7|5Q|8|@$G|5R|H|5S|I|J]|$G|5T|H|5U|I|J]|$G|5V|H|5W|I|1B]|$G|5X|H|5Y|I|1B]]|9|@]|A|$]]|$1|1Y|3|1Z|5|1V|7|5Z|8|@$G|60|H|61|I|J]|$G|62|H|63|I|J]|$G|64|H|65|I|1B]|$G|66|H|67|I|1B]]|9|@]|A|$]]|$1|20|3|21|5|1V|7|68|8|@$G|69|H|6A|I|J]|$G|6B|H|6C|I|J]|$G|6D|H|6E|I|1B]|$G|6F|H|6G|I|1B]]|9|@]|A|$]]|$1|22|3|23|5|1V|7|6H|8|@$G|6I|H|6J|I|J]|$G|6K|H|6L|I|J]|$G|6M|H|6N|I|1B]|$G|6O|H|6P|I|1B]]|9|@]|A|$]]|$1|24|3|25|5|6|7|6Q|8|@]|9|@]|A|$]]|$1|26|3|27|5|6|7|6R|8|@$G|6S|H|6T|I|1B]]|9|@$G|6U|H|6V|1|6W]]|A|$]]|$1|28|3|29|5|6|7|6X|8|@$G|6Y|H|6Z|I|J]]|9|@]|A|$]]|$1|2A|3|2B|5|6|7|70|8|@$G|71|H|72|I|1B]|$G|73|H|74|I|1B]|$G|75|H|76|I|1B]]|9|@]|A|$]]|$1|2C|3|2D|5|6|7|77|8|@$G|78|H|79|I|J]]|9|@]|A|$]]|$1|2E|3|2F|5|6|7|7A|8|@]|9|@$G|7B|H|7C|1|7D]]|A|$]]|$1|2G|3|2H|5|6|7|7E|8|@]|9|@]|A|$]]|$1|2I|3|2J|5|6|7|7F|8|@$G|7G|H|7H|I|J]]|9|@]|A|$]]|$1|2K|3|2L|5|6|7|7I|8|@]|9|@]|A|$]]|$1|2M|3|2N|5|6|7|7J|8|@]|9|@]|A|$]]|$1|2O|3|2P|5|6|7|7K|8|@$G|7L|H|7M|I|J]]|9|@]|A|$]]|$1|2Q|3|2R|5|6|7|7N|8|@$G|7O|H|7P|I|1B]|$G|7Q|H|7R|I|1B]|$G|7S|H|7T|I|1B]]|9|@$G|7U|H|7V|1|7W]]|A|$]]|$1|2S|3|2T|5|6|7|7X|8|@$G|7Y|H|7Z|I|J]]|9|@]|A|$]]|$1|2U|3|2V|5|6|7|80|8|@]|9|@$G|81|H|82|1|83]]|A|$]]|$1|2W|3|-4|5|6|7|84|8|@]|9|@]|A|$]]|$1|2X|3|2Y|5|1V|7|85|8|@]|9|@$G|86|H|87|1|88]]|A|$]]|$1|2Z|3|30|5|1V|7|89|8|@]|9|@$G|8A|H|8B|1|8C]]|A|$]]|$1|31|3|-4|5|6|7|8D|8|@]|9|@]|A|$]]|$1|32|3|33|5|6|7|8E|8|@]|9|@$G|8F|H|8G|1|8H]|$G|8I|H|8J|1|8K]]|A|$]]|$1|34|3|-4|5|6|7|8L|8|@]|9|@]|A|$]]|$1|35|3|36|5|6|7|8M|8|@]|9|@]|A|$]]|$1|37|3|38|5|S|7|8N|8|@]|9|@]|A|$T|U]]|$1|39|3|-4|5|6|7|8O|8|@]|9|@]|A|$]]]|3A|$3B|$5|3C|3D|3E|A|$3F|3G]]|3H|$5|3C|3D|3E|A|$3F|3I]]|3J|$5|3C|3D|3E|A|$3F|3K]]|3L|$5|3C|3D|3E|A|$3F|3M]]|3N|$5|3C|3D|3E|A|$3F|3O]]|3P|$5|3C|3D|3E|A|$3F|3Q]]|3R|$5|3C|3D|3E|A|$3F|3S]]|3T|$5|3C|3D|3E|A|$3F|3U]]|3V|$5|3C|3D|3E|A|$3F|3W]]|3X|$5|3C|3D|3E|A|$3F|3Y]]]]

This isn't exactly an answer as it doesn't provide any solutions (yet!), but it's too big to fit on a comment...

<hr>

I did some testing (regarding file names) on Windows 7 and Ubuntu 12.04 and what I found out was that:

1. PHP Can't Handle non-ASCII Filenames

Although both Windows and Ubuntu can handle Unicode filenames (even RTL ones as it seems) PHP 5.3 requires hacks to deal even with the plain old ISO-8859-1, so it's better to keep it ASCII only for safety.

2. The Lenght of the Filename Matters (Specially on Windows)

On Ubuntu, the maximum length a filename can have (incluinding extension) is 255 (excluding path):

<pre><code>/var/www/uploads/123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345/
</code></pre>

However, on Windows 7 (NTFS) the maximum lenght a filename can have depends on it's absolute path:

<pre><code>(0 + 0 + 244 + 11 chars) C:\1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234\1234567.txt
(0 + 3 + 240 + 11 chars) C:\123\123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890\1234567.txt
(3 + 3 + 236 + 11 chars) C:\123\456\12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456\1234567.txt
</code></pre>

<a href="http://en.wikipedia.org/wiki/Filename#Comparison_of_filename_limitations">Wikipedia</a> says that:

<blockquote>
 NTFS allows each path component (directory or filename) to be 255
 characters long.
</blockquote>

To the best of my knowledge (and testing), this is wrong.

In total (counting slashes) all these examples have 259 chars, if you strip the <code>C:\</code> that gives 256 characters (not 255?!). The directories where created using the Explorer and you'll notice that it restrains itself from using all the available space for the directory name. The reason for this is to allow the creation of files using the <a href="http://en.wikipedia.org/wiki/8.3_filename">8.3 file naming convention</a>. The same thing happens for other partitions.

Files don't need to reserve the 8.3 lenght requirements of course:

<pre><code>(255 chars) E:\12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901.txt
</code></pre>

You can't create any more sub-directories if the absolute path of the parent directory has more than 242 characters, because <code>256 = 242 + 1 + \ + 8 + . + 3</code>. Using Windows Explorer, you can't create another directory if the parent directory has more than 233 characters (depending on the system locale), because <code>256 = 233 + 10 + \ + 8 + . + 3</code>; the <code>10</code> here is the length of the string <code>New folder</code>.

Windows file system poses a nasty problem if you want to assure inter-operability between file systems.

3. Beware of Reserved Characters and Keywords

Aside from removing non-ASCII, non-printable and control characters, you also need to re(place/move):

<pre><code>"*/:&lt;&gt;?\|
</code></pre>

Just removing these characters might not be the best idea because the filename might lose some of it's meaning. I think that, at the very least, multiple occurences of these characters should be replaced by a single underscore (<code>_</code>), or perhaps something more representative (this is just an idea):

<ul>
<li><code>"*?</code> -> <code>_</code></li>
<li><code>/\|</code> -> <code>-</code></li>
<li><code>:</code> -> <code>[ ]-[ ]</code></li>
<li><code>&lt;</code> -> <code>(</code></li>
<li><code>&gt;</code> -> <code>)</code></li>
</ul>

There are also <a href="http://en.wikipedia.org/wiki/Filename#Reserved_characters_and_words">special keywords that should be avoided</a> (like <code>NUL</code>), although I'm not sure how to overcome that. Perhaps a black list with a random name fallback would be a good approach to solve it.

4. Case Sensitiveness

This should go without saying, but if you want so ensure file uniqueness across different operating systems you should transform file names to a normalized case, that way <code>my_file.txt</code> and <code>My_File.txt</code> on Linux won't both become the same <code>my_file.txt</code> file on Windows.

5. Make Sure It's Unique

If the file name already exists, a <a href="https://github.com/alixaxel/phunction/blob/558431470922be267be2758051bb6ee4df8eb8fc/phunction/Disk.php#L508">unique identifier should be appended</a> to it's base file name.

Common unique identifiers include the UNIX timestamp, a digest of the file contents or a random string.

6. Hidden Files

Just because it can be named doesn't mean it should...

Dots are usually white-listed in file names but in Linux a hidden file is represented by a leading dot.

7. Other Considerations

If you have to strip some chars of the file name, the extension is usually more important than the base name of the file. Allowing a <a href="http://alaeddin.tumblr.com/post/337616277/longest-file-extension-ever">considerable maximum number of characters for the file extension</a> (8-16) one should strip the characters from the base name. It's also important to note that in the unlikely event of having a more than one long extension - such as <code>_.graphmlz.tag.gz</code> - <code>_.graphmlz.tag</code> only <code>_</code> should be considered as the file base name in this case.

8. Resources

<a href="http://calibre-ebook.com/">Calibre</a> handles file name mangling pretty decently:

<ul>
<li><a href="http://bazaar.launchpad.net/~kovid/calibre/trunk/view/head:/src/calibre/utils/filenames.py">/src/calibre/utils/filenames.py</a></li>
<li><a href="http://bazaar.launchpad.net/~kovid/calibre/trunk/view/head:/src/calibre/library/save_to_disk.py">/src/calibre/library/save_to_disk.py</a></li>
</ul>

<a href="http://en.wikipedia.org/wiki/Filename_mangling">Wikipedia page on file name mangling</a> and linked <a href="http://oreilly.com/catalog/samba/chapter/book/ch05_04.html">chapter from Using Samba</a>.

<hr>

If for instance, you try to create a file that violates any of the rules 1/2/3, you'll get a very useful error:

<pre><code>Warning: touch(): Unable to create file ... because No error in ... on line ...
</code></pre>

blocks|key|307944|text|Here's+CodeIgniter's+implementation.|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|307945|/**
+*+Sanitize+Filename
+*
+*+@param+++string++$str++++++++Input+file+name
+*+@param+++bool++++$relative_path++Whether+to+preserve+paths
+*+@return++string
+*/
public+function+sanitize_filename($str,+$relative_path+=+FALSE)
{
++++$bad+=+array(
++++++++'../',+'',+'<',+'>',
++++++++"'",+'"',+'&',+'$',+'#',
++++++++'{',+'}',+'[',+']',+'=',
++++++++';',+'?',+'%2520',+'%2522',
++++++++'%253c',++++++//+<
++++++++'%25253c',++++//+<
++++++++'%253e',++++++//+>
++++++++'%250e',++++++//+>
++++++++'%2528',++++++//+(
++++++++'%2529',++++++//+)
++++++++'%252528',++++//+(
++++++++'%2526',++++++//+&
++++++++'%2524',++++++//+$
++++++++'%253f',++++++//+?
++++++++'%253b',++++++//+;
++++++++'%253d'+++++++//+=
++++);

++++if+(+!+$relative_path)
++++{
++++++++$bad[]+=+'./';
++++++++$bad[]+=+'/';
++++}

++++$str+=+remove_invisible_characters($str,+FALSE);
++++return+stripslashes(str_replace($bad,+'',+$str));
}|code-block|syntax|javascript|307946|And+the+remove_invisible_characters+dependency.|style|CODE|307947|function+remove_invisible_characters($str,+$url_encoded+=+TRUE)
{
++++$non_displayables+=+array();

++++//+every+control+character+except+newline+(dec+10),
++++//+carriage+return+(dec+13)+and+horizontal+tab+(dec+09)
++++if+($url_encoded)
++++{
++++++++$non_displayables[]+=+'/%250[0-8bcef]/';++//+url+encoded+00-08,+11,+12,+14,+15
++++++++$non_displayables[]+=+'/%251[0-9a-f]/';+++//+url+encoded+16-31
++++}

++++$non_displayables[]+=+'/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]%2B/S';+++//+00-08,+11,+12,+14-31,+127

++++do
++++{
++++++++$str+=+preg_replace($non_displayables,+'',+$str,+-1,+$count);
++++}
++++while+($count);

++++return+$str;
}|307948|entityMap|0|LINK|mutability|MUTABLE|url|https://github.com/EllisLab/CodeIgniter/blob/develop/system/core/Security.php|1|https://github.com/EllisLab/CodeIgniter/blob/develop/system/core/Common.php^0|0|10|0|0|0|8|R|0|1B|1|0|0^^$0|@$1|2|3|4|5|6|7|Y|8|@]|9|@$A|Z|B|10|1|11]]|C|$]]|$1|D|3|E|5|F|7|12|8|@]|9|@]|C|$G|H]]|$1|I|3|J|5|6|7|13|8|@$A|14|B|15|K|L]]|9|@$A|16|B|17|1|18]]|C|$]]|$1|M|3|N|5|F|7|19|8|@]|9|@]|C|$G|H]]|$1|O|3|-4|5|6|7|1A|8|@]|9|@]|C|$]]]|P|$Q|$5|R|S|T|C|$U|V]]|W|$5|R|S|T|C|$U|X]]]]

<a href="https://github.com/EllisLab/CodeIgniter/blob/develop/system/core/Security.php" rel="nofollow">Here's CodeIgniter's implementation.</a>

<pre><code>/**
 * Sanitize Filename
 *
 * @param string $str Input file name
 * @param bool $relative_path Whether to preserve paths
 * @return string
 */
public function sanitize_filename($str, $relative_path = FALSE)
{
 $bad = array(
 '../', '&lt;!--', '--&gt;', '&lt;', '&gt;',
 "'", '"', '&amp;', '$', '#',
 '{', '}', '[', ']', '=',
 ';', '?', '%20', '%22',
 '%3c', // &lt;
 '%253c', // &lt;
 '%3e', // &gt;
 '%0e', // &gt;
 '%28', // (
 '%29', // )
 '%2528', // (
 '%26', // &amp;
 '%24', // $
 '%3f', // ?
 '%3b', // ;
 '%3d' // =
 );

 if ( ! $relative_path)
 {
 $bad[] = './';
 $bad[] = '/';
 }

 $str = remove_invisible_characters($str, FALSE);
 return stripslashes(str_replace($bad, '', $str));
}
</code></pre>

<a href="https://github.com/EllisLab/CodeIgniter/blob/develop/system/core/Common.php" rel="nofollow">And the <code>remove_invisible_characters</code> dependency.</a>

<pre><code>function remove_invisible_characters($str, $url_encoded = TRUE)
{
 $non_displayables = array();

 // every control character except newline (dec 10),
 // carriage return (dec 13) and horizontal tab (dec 09)
 if ($url_encoded)
 {
 $non_displayables[] = '/%0[0-8bcef]/'; // url encoded 00-08, 11, 12, 14, 15
 $non_displayables[] = '/%1[0-9a-f]/'; // url encoded 16-31
 }

 $non_displayables[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S'; // 00-08, 11, 12, 14-31, 127

 do
 {
 $str = preg_replace($non_displayables, '', $str, -1, $count);
 }
 while ($count);

 return $str;
}
</code></pre>

blocks|key|3262685|text|已经为这个问题提供了几种解决方案，但我已经阅读并测试了这里的大部分代码，我最终得到了这个解决方案，它是我在这里学到的东西的混合：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3262686|函数|3262687|该函数在这里捆绑在Symfony2捆绑包中，但它可以被提取出来作为纯PHP使用，它只与必须启用的iconv函数有依赖关系：|offset|length|style|BOLD|CODE|3262688|Filesystem.php|3262689|<?php

namespace+COil\Bundle\COilCoreBundle\Component\HttpKernel\Util;

use+Symfony\Component\HttpKernel\Util\Filesystem+as+BaseFilesystem;

/**
+*+Extends+the+Symfony+filesystem+object.
+*/
class+Filesystem+extends+BaseFilesystem
{
++++/**
+++++*+Make+a+filename+safe+to+use+in+any+function.+(Accents,+spaces,+special+chars...)
+++++*+The+iconv+function+must+be+activated.
+++++*
+++++*+@param+string++$fileName+++++++The+filename+to+sanitize+(with+or+without+extension)
+++++*+@param+string++$defaultIfEmpty+The+default+string+returned+for+a+non+valid+filename+(only+special+chars+or+separators)
+++++*+@param+string++$separator++++++The+default+separator
+++++*+@param+boolean+$lowerCase++++++Tells+if+the+string+must+converted+to+lower+case
+++++*
+++++*+@author+COil+<https://github.com/COil>
+++++*+@see++++http://stackoverflow.com/questions/2668854/sanitizing-strings-to-make-them-url-and-filename-safe
+++++*
+++++*+@return+string
+++++*/
++++public+function+sanitizeFilename($fileName,+$defaultIfEmpty+=+'default',+$separator+=+'_',+$lowerCase+=+true)
++++{
++++//+Gather+file+informations+and+store+its+extension
++++$fileInfos+=+pathinfo($fileName);
++++$fileExt+++=+array_key_exists('extension',+$fileInfos)+?+'.'.+strtolower($fileInfos['extension'])+:+'';

++++//+Removes+accents
++++$fileName+=+@iconv('UTF-8',+'us-ascii//TRANSLIT',+$fileInfos['filename']);

++++//+Removes+all+characters+that+are+not+separators,+letters,+numbers,+dots+or+whitespaces
++++$fileName+=+preg_replace("/[%5E+a-zA-Z".+preg_quote($separator).+"\d\.\s]/",+'',+$lowerCase+?+strtolower($fileName)+:+$fileName);

++++//+Replaces+all+successive+separators+into+a+single+one
++++$fileName+=+preg_replace('!['.+preg_quote($separator).'\s]%2B!u',+$separator,+$fileName);

++++//+Trim+beginning+and+ending+seperators
++++$fileName+=+trim($fileName,+$separator);

++++//+If+empty+use+the+default+string
++++if+(empty($fileName))+{
++++++++$fileName+=+$defaultIfEmpty;
++++}

++++return+$fileName.+$fileExt;
++++}
}|code-block|syntax|javascript|3262690|单元测试|3262691|有趣的是，我已经创建了PHPUnit测试，首先测试边缘用例，这样您就可以检查它是否满足您的需求：(如果您发现了错误，请随意添加测试用例)|3262692|FilesystemTest.php|3262693|<?php

namespace+COil\Bundle\COilCoreBundle\Tests\Unit\Helper;

use+COil\Bundle\COilCoreBundle\Component\HttpKernel\Util\Filesystem;

/**
+*+Test+the+Filesystem+custom+class.
+*/
class+FilesystemTest+extends+\PHPUnit_Framework_TestCase
{
++++/**
+++++*+test+sanitizeFilename()
+++++*/
++++public+function+testFilesystem()
++++{
++++$fs+=+new+Filesystem();

++++$this->assertEquals('logo_orange.gif',+$fs->sanitizeFilename('--logö++_++__+++___+++ora@@ñ--~gé--.gif'),+'::sanitizeFilename()+handles+complex+filename+with+specials+chars');
++++$this->assertEquals('coilstack',+$fs->sanitizeFilename('cOiLsTaCk'),+'::sanitizeFilename()+converts+all+characters+to+lower+case');
++++$this->assertEquals('cOiLsTaCk',+$fs->sanitizeFilename('cOiLsTaCk',+'default',+'_',+false),+'::sanitizeFilename()+lower+case+can+be+desactivated,+passing+false+as+the+4th+argument');
++++$this->assertEquals('coil_stack',+$fs->sanitizeFilename('coil+stack'),+'::sanitizeFilename()+convert+a+white+space+to+a+separator');
++++$this->assertEquals('coil-stack',+$fs->sanitizeFilename('coil+stack',+'default',+'-'),+'::sanitizeFilename()+can+use+a+different+separator+as+the+3rd+argument');
++++$this->assertEquals('coil_stack',+$fs->sanitizeFilename('coil++++++++++stack'),+'::sanitizeFilename()+removes+successive+white+spaces+to+a+single+separator');
++++$this->assertEquals('coil_stack',+$fs->sanitizeFilename('+++++++coil+stack'),+'::sanitizeFilename()+removes+spaces+at+the+beginning+of+the+string');
++++$this->assertEquals('coil_stack',+$fs->sanitizeFilename('coil+++stack+++++++++'),+'::sanitizeFilename()+removes+spaces+at+the+end+of+the+string');
++++$this->assertEquals('coilstack',+$fs->sanitizeFilename('coil,,,,,,stack'),+'::sanitizeFilename()+removes+non-ASCII+characters');
++++$this->assertEquals('coil_stack',+$fs->sanitizeFilename('coil_stack++'),+'::sanitizeFilename()+keeps+separators');
++++$this->assertEquals('coil_stack',+$fs->sanitizeFilename('+coil________stack'),+'::sanitizeFilename()+converts+successive+separators+into+a+single+one');
++++$this->assertEquals('coil_stack.gif',+$fs->sanitizeFilename('cOil+Stack.GiF'),+'::sanitizeFilename()+lower+case+filename+and+extension');
++++$this->assertEquals('copy_of_coil.stack.exe',+$fs->sanitizeFilename('Copy+of+coil.stack.exe'),+'::sanitizeFilename()+keeps+dots+before+the+extension');
++++$this->assertEquals('default.doc',+$fs->sanitizeFilename('____________.doc'),+'::sanitizeFilename()+returns+a+default+file+name+if+filename+only+contains+special+chars');
++++$this->assertEquals('default.docx',+$fs->sanitizeFilename('+++++___+-++--_+++++__%25%25%25%25__¨¨¨***____++++++.docx'),+'::sanitizeFilename()+returns+a+default+file+name+if+filename+only+contains+special+chars');
++++$this->assertEquals('logo_edition_1314352521.jpg',+$fs->sanitizeFilename('logo_edition_1314352521.jpg'),+'::sanitizeFilename()+returns+the+filename+untouched+if+it+does+not+need+to+be+modified');
++++$userId+=+rand(1,+10);
++++$this->assertEquals('user_doc_'.+$userId.+'.doc',+$fs->sanitizeFilename('亐亐亐亐亐.doc',+'user_doc_'.+$userId),+'::sanitizeFilename()+returns+the+default+string+(the+2nd+argument)+if+it+can\'t+be+sanitized');
++++}
}|3262694|测试结果：(在使用PHP5.3.2的Ubuntu和使用PHP5.3.17的MacOsX上检查：|3262695|All+tests+pass:

phpunit+-c+app/+src/COil/Bundle/COilCoreBundle/Tests/Unit/Helper/FilesystemTest.php
PHPUnit+3.6.10+by+Sebastian+Bergmann.

Configuration+read+from+/var/www/strangebuzz.com/app/phpunit.xml.dist

.

Time:+0+seconds,+Memory:+5.75Mb

OK+(1+test,+17+assertions)|3262696|entityMap^0|0|0|9|8|X|4|1C|5|0|0|E|0|0|0|0|0|I|0|0|I|6|11|6|0|0^^$0|@$1|2|3|4|5|6|7|15|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|16|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|17|8|@$F|18|G|19|H|I]|$F|1A|G|1B|H|I]|$F|1C|G|1D|H|J]]|9|@]|A|$]]|$1|K|3|L|5|6|7|1E|8|@$F|1F|G|1G|H|I]]|9|@]|A|$]]|$1|M|3|N|5|O|7|1H|8|@]|9|@]|A|$P|Q]]|$1|R|3|S|5|6|7|1I|8|@]|9|@]|A|$]]|$1|T|3|U|5|6|7|1J|8|@]|9|@]|A|$]]|$1|V|3|W|5|6|7|1K|8|@$F|1L|G|1M|H|I]]|9|@]|A|$]]|$1|X|3|Y|5|O|7|1N|8|@]|9|@]|A|$P|Q]]|$1|Z|3|10|5|6|7|1O|8|@$F|1P|G|1Q|H|I]|$F|1R|G|1S|H|I]]|9|@]|A|$]]|$1|11|3|12|5|O|7|1T|8|@]|9|@]|A|$P|Q]]|$1|13|3|-4|5|6|7|1U|8|@]|9|@]|A|$]]]|14|$]]

There are already several solutions provided for this question but I have read and tested most of the code here and I ended up with this solution which is a mix of what I learned here:

<h2>The function</h2>

The function is bundled here in a Symfony2 bundle but it can be extracted to be used as plain PHP, it only has a dependency with the <code>iconv</code> function that must be enabled:

Filesystem.php:

<pre><code>&lt;?php

namespace COil\Bundle\COilCoreBundle\Component\HttpKernel\Util;

use Symfony\Component\HttpKernel\Util\Filesystem as BaseFilesystem;

/**
 * Extends the Symfony filesystem object.
 */
class Filesystem extends BaseFilesystem
{
 /**
 * Make a filename safe to use in any function. (Accents, spaces, special chars...)
 * The iconv function must be activated.
 *
 * @param string $fileName The filename to sanitize (with or without extension)
 * @param string $defaultIfEmpty The default string returned for a non valid filename (only special chars or separators)
 * @param string $separator The default separator
 * @param boolean $lowerCase Tells if the string must converted to lower case
 *
 * @author COil &lt;https://github.com/COil&gt;
 * @see http://stackoverflow.com/questions/2668854/sanitizing-strings-to-make-them-url-and-filename-safe
 *
 * @return string
 */
 public function sanitizeFilename($fileName, $defaultIfEmpty = 'default', $separator = '_', $lowerCase = true)
 {
 // Gather file informations and store its extension
 $fileInfos = pathinfo($fileName);
 $fileExt = array_key_exists('extension', $fileInfos) ? '.'. strtolower($fileInfos['extension']) : '';

 // Removes accents
 $fileName = @iconv('UTF-8', 'us-ascii//TRANSLIT', $fileInfos['filename']);

 // Removes all characters that are not separators, letters, numbers, dots or whitespaces
 $fileName = preg_replace("/[^ a-zA-Z". preg_quote($separator). "\d\.\s]/", '', $lowerCase ? strtolower($fileName) : $fileName);

 // Replaces all successive separators into a single one
 $fileName = preg_replace('!['. preg_quote($separator).'\s]+!u', $separator, $fileName);

 // Trim beginning and ending seperators
 $fileName = trim($fileName, $separator);

 // If empty use the default string
 if (empty($fileName)) {
 $fileName = $defaultIfEmpty;
 }

 return $fileName. $fileExt;
 }
}
</code></pre>

<h2>The unit tests</h2>

What is interesting is that I have created PHPUnit tests, first to test edge cases and so you can check if it fits your needs:
(If you find a bug, feel free to add a test case)

FilesystemTest.php:

<pre><code>&lt;?php

namespace COil\Bundle\COilCoreBundle\Tests\Unit\Helper;

use COil\Bundle\COilCoreBundle\Component\HttpKernel\Util\Filesystem;

/**
 * Test the Filesystem custom class.
 */
class FilesystemTest extends \PHPUnit_Framework_TestCase
{
 /**
 * test sanitizeFilename()
 */
 public function testFilesystem()
 {
 $fs = new Filesystem();

 $this-&gt;assertEquals('logo_orange.gif', $fs-&gt;sanitizeFilename('--logö _ __ ___ ora@@ñ--~gé--.gif'), '::sanitizeFilename() handles complex filename with specials chars');
 $this-&gt;assertEquals('coilstack', $fs-&gt;sanitizeFilename('cOiLsTaCk'), '::sanitizeFilename() converts all characters to lower case');
 $this-&gt;assertEquals('cOiLsTaCk', $fs-&gt;sanitizeFilename('cOiLsTaCk', 'default', '_', false), '::sanitizeFilename() lower case can be desactivated, passing false as the 4th argument');
 $this-&gt;assertEquals('coil_stack', $fs-&gt;sanitizeFilename('coil stack'), '::sanitizeFilename() convert a white space to a separator');
 $this-&gt;assertEquals('coil-stack', $fs-&gt;sanitizeFilename('coil stack', 'default', '-'), '::sanitizeFilename() can use a different separator as the 3rd argument');
 $this-&gt;assertEquals('coil_stack', $fs-&gt;sanitizeFilename('coil stack'), '::sanitizeFilename() removes successive white spaces to a single separator');
 $this-&gt;assertEquals('coil_stack', $fs-&gt;sanitizeFilename(' coil stack'), '::sanitizeFilename() removes spaces at the beginning of the string');
 $this-&gt;assertEquals('coil_stack', $fs-&gt;sanitizeFilename('coil stack '), '::sanitizeFilename() removes spaces at the end of the string');
 $this-&gt;assertEquals('coilstack', $fs-&gt;sanitizeFilename('coil,,,,,,stack'), '::sanitizeFilename() removes non-ASCII characters');
 $this-&gt;assertEquals('coil_stack', $fs-&gt;sanitizeFilename('coil_stack '), '::sanitizeFilename() keeps separators');
 $this-&gt;assertEquals('coil_stack', $fs-&gt;sanitizeFilename(' coil________stack'), '::sanitizeFilename() converts successive separators into a single one');
 $this-&gt;assertEquals('coil_stack.gif', $fs-&gt;sanitizeFilename('cOil Stack.GiF'), '::sanitizeFilename() lower case filename and extension');
 $this-&gt;assertEquals('copy_of_coil.stack.exe', $fs-&gt;sanitizeFilename('Copy of coil.stack.exe'), '::sanitizeFilename() keeps dots before the extension');
 $this-&gt;assertEquals('default.doc', $fs-&gt;sanitizeFilename('____________.doc'), '::sanitizeFilename() returns a default file name if filename only contains special chars');
 $this-&gt;assertEquals('default.docx', $fs-&gt;sanitizeFilename(' ___ - --_ __%%%%__¨¨¨***____ .docx'), '::sanitizeFilename() returns a default file name if filename only contains special chars');
 $this-&gt;assertEquals('logo_edition_1314352521.jpg', $fs-&gt;sanitizeFilename('logo_edition_1314352521.jpg'), '::sanitizeFilename() returns the filename untouched if it does not need to be modified');
 $userId = rand(1, 10);
 $this-&gt;assertEquals('user_doc_'. $userId. '.doc', $fs-&gt;sanitizeFilename('亐亐亐亐亐.doc', 'user_doc_'. $userId), '::sanitizeFilename() returns the default string (the 2nd argument) if it can\'t be sanitized');
 }
}
</code></pre>

The test results: (checked on Ubuntu with PHP 5.3.2 and MacOsX with PHP 5.3.17:

<pre><code>All tests pass:

phpunit -c app/ src/COil/Bundle/COilCoreBundle/Tests/Unit/Helper/FilesystemTest.php
PHPUnit 3.6.10 by Sebastian Bergmann.

Configuration read from /var/www/strangebuzz.com/app/phpunit.xml.dist

.

Time: 0 seconds, Memory: 5.75Mb

OK (1 test, 17 assertions)
</code></pre>

blocks|key|3049056|text|在我所有的文章中，这篇文章似乎工作得最好。http://gsynuh.com/php-string-filename-url-safe/205|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|3049057|entityMap|0|LINK|mutability|MUTABLE|url|http://gsynuh.com/php-string-filename-url-safe/205^0|L|1E|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@$A|M|B|N|1|O]]|C|$]]|$1|D|3|-4|5|6|7|P|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]]]

This post seems to work the best among all that I have tied. <a href="http://gsynuh.com/php-string-filename-url-safe/205" rel="nofollow">http://gsynuh.com/php-string-filename-url-safe/205</a>

blocks|key|3262708|text|这是Prestashop用来清理urls的代码：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3262709|replaceAccentedChars|code-block|syntax|javascript|3262710|使用的是|3262711|str2url|3262712|删除变音符号|3262713|function+replaceAccentedChars($str)
{
++++$patterns+=+array(
++++++++/*+Lowercase+*/
++++++++'/[\x{0105}\x{00E0}\x{00E1}\x{00E2}\x{00E3}\x{00E4}\x{00E5}]/u',
++++++++'/[\x{00E7}\x{010D}\x{0107}]/u',
++++++++'/[\x{010F}]/u',
++++++++'/[\x{00E8}\x{00E9}\x{00EA}\x{00EB}\x{011B}\x{0119}]/u',
++++++++'/[\x{00EC}\x{00ED}\x{00EE}\x{00EF}]/u',
++++++++'/[\x{0142}\x{013E}\x{013A}]/u',
++++++++'/[\x{00F1}\x{0148}]/u',
++++++++'/[\x{00F2}\x{00F3}\x{00F4}\x{00F5}\x{00F6}\x{00F8}]/u',
++++++++'/[\x{0159}\x{0155}]/u',
++++++++'/[\x{015B}\x{0161}]/u',
++++++++'/[\x{00DF}]/u',
++++++++'/[\x{0165}]/u',
++++++++'/[\x{00F9}\x{00FA}\x{00FB}\x{00FC}\x{016F}]/u',
++++++++'/[\x{00FD}\x{00FF}]/u',
++++++++'/[\x{017C}\x{017A}\x{017E}]/u',
++++++++'/[\x{00E6}]/u',
++++++++'/[\x{0153}]/u',

++++++++/*+Uppercase+*/
++++++++'/[\x{0104}\x{00C0}\x{00C1}\x{00C2}\x{00C3}\x{00C4}\x{00C5}]/u',
++++++++'/[\x{00C7}\x{010C}\x{0106}]/u',
++++++++'/[\x{010E}]/u',
++++++++'/[\x{00C8}\x{00C9}\x{00CA}\x{00CB}\x{011A}\x{0118}]/u',
++++++++'/[\x{0141}\x{013D}\x{0139}]/u',
++++++++'/[\x{00D1}\x{0147}]/u',
++++++++'/[\x{00D3}]/u',
++++++++'/[\x{0158}\x{0154}]/u',
++++++++'/[\x{015A}\x{0160}]/u',
++++++++'/[\x{0164}]/u',
++++++++'/[\x{00D9}\x{00DA}\x{00DB}\x{00DC}\x{016E}]/u',
++++++++'/[\x{017B}\x{0179}\x{017D}]/u',
++++++++'/[\x{00C6}]/u',
++++++++'/[\x{0152}]/u');

++++$replacements+=+array(
++++++++++++'a',+'c',+'d',+'e',+'i',+'l',+'n',+'o',+'r',+'s',+'ss',+'t',+'u',+'y',+'z',+'ae',+'oe',
++++++++++++'A',+'C',+'D',+'E',+'L',+'N',+'O',+'R',+'S',+'T',+'U',+'Z',+'AE',+'OE'
++++++++);

++++return+preg_replace($patterns,+$replacements,+$str);
}

function+str2url($str)
{
++++if+(function_exists('mb_strtolower'))
++++++++$str+=+mb_strtolower($str,+'utf-8');

++++$str+=+trim($str);
++++if+(!function_exists('mb_strtolower'))
++++++++$str+=+replaceAccentedChars($str);

++++//+Remove+all+non-whitelist+chars.
++++$str+=+preg_replace('/[%5Ea-zA-Z0-9\s\'\:\/\[\]-\pL]/u',+'',+$str);
++++$str+=+preg_replace('/[\s\'\:\/\[\]-]%2B/',+'+',+$str);
++++$str+=+str_replace(array('+',+'/'),+'-',+$str);

++++//+If+it+was+not+possible+to+lowercase+the+string+with+mb_strtolower,+we+do+it+after+the+transformations.
++++//+This+way+we+lose+fewer+special+chars.
++++if+(!function_exists('mb_strtolower'))
++++++++$str+=+strtolower($str);

++++return+$str;
}|3262714|entityMap^0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|Q|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|R|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|S|8|@]|9|@]|A|$]]|$1|I|3|J|5|D|7|T|8|@]|9|@]|A|$E|F]]|$1|K|3|L|5|6|7|U|8|@]|9|@]|A|$]]|$1|M|3|N|5|D|7|V|8|@]|9|@]|A|$E|F]]|$1|O|3|-4|5|6|7|W|8|@]|9|@]|A|$]]]|P|$]]

This is the code used by Prestashop to sanitize urls :

<pre><code>replaceAccentedChars
</code></pre>

is used by 

<pre><code>str2url
</code></pre>

to remove diacritics

<pre><code>function replaceAccentedChars($str)
{
 $patterns = array(
 /* Lowercase */
 '/[\x{0105}\x{00E0}\x{00E1}\x{00E2}\x{00E3}\x{00E4}\x{00E5}]/u',
 '/[\x{00E7}\x{010D}\x{0107}]/u',
 '/[\x{010F}]/u',
 '/[\x{00E8}\x{00E9}\x{00EA}\x{00EB}\x{011B}\x{0119}]/u',
 '/[\x{00EC}\x{00ED}\x{00EE}\x{00EF}]/u',
 '/[\x{0142}\x{013E}\x{013A}]/u',
 '/[\x{00F1}\x{0148}]/u',
 '/[\x{00F2}\x{00F3}\x{00F4}\x{00F5}\x{00F6}\x{00F8}]/u',
 '/[\x{0159}\x{0155}]/u',
 '/[\x{015B}\x{0161}]/u',
 '/[\x{00DF}]/u',
 '/[\x{0165}]/u',
 '/[\x{00F9}\x{00FA}\x{00FB}\x{00FC}\x{016F}]/u',
 '/[\x{00FD}\x{00FF}]/u',
 '/[\x{017C}\x{017A}\x{017E}]/u',
 '/[\x{00E6}]/u',
 '/[\x{0153}]/u',

 /* Uppercase */
 '/[\x{0104}\x{00C0}\x{00C1}\x{00C2}\x{00C3}\x{00C4}\x{00C5}]/u',
 '/[\x{00C7}\x{010C}\x{0106}]/u',
 '/[\x{010E}]/u',
 '/[\x{00C8}\x{00C9}\x{00CA}\x{00CB}\x{011A}\x{0118}]/u',
 '/[\x{0141}\x{013D}\x{0139}]/u',
 '/[\x{00D1}\x{0147}]/u',
 '/[\x{00D3}]/u',
 '/[\x{0158}\x{0154}]/u',
 '/[\x{015A}\x{0160}]/u',
 '/[\x{0164}]/u',
 '/[\x{00D9}\x{00DA}\x{00DB}\x{00DC}\x{016E}]/u',
 '/[\x{017B}\x{0179}\x{017D}]/u',
 '/[\x{00C6}]/u',
 '/[\x{0152}]/u');

 $replacements = array(
 'a', 'c', 'd', 'e', 'i', 'l', 'n', 'o', 'r', 's', 'ss', 't', 'u', 'y', 'z', 'ae', 'oe',
 'A', 'C', 'D', 'E', 'L', 'N', 'O', 'R', 'S', 'T', 'U', 'Z', 'AE', 'OE'
 );

 return preg_replace($patterns, $replacements, $str);
}

function str2url($str)
{
 if (function_exists('mb_strtolower'))
 $str = mb_strtolower($str, 'utf-8');

 $str = trim($str);
 if (!function_exists('mb_strtolower'))
 $str = replaceAccentedChars($str);

 // Remove all non-whitelist chars.
 $str = preg_replace('/[^a-zA-Z0-9\s\'\:\/\[\]-\pL]/u', '', $str);
 $str = preg_replace('/[\s\'\:\/\[\]-]+/', ' ', $str);
 $str = str_replace(array(' ', '/'), '-', $str);

 // If it was not possible to lowercase the string with mb_strtolower, we do it after the transformations.
 // This way we lose fewer special chars.
 if (!function_exists('mb_strtolower'))
 $str = strtolower($str);

 return $str;
}
</code></pre>

blocks|key|3049081|text|使用it+https://stackoverflow.com/a/3987966/971619或it+https://stackoverflow.com/a/7610586/971619可以很好地处理您的数据|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|3049082|entityMap|0|LINK|mutability|MUTABLE|url|https://stackoverflow.com/a/3987966/971619|1|https://stackoverflow.com/a/7610586/971619^0|5|16|0|1F|16|1|0^^$0|@$1|2|3|4|5|6|7|N|8|@]|9|@$A|O|B|P|1|Q]|$A|R|B|S|1|T]]|C|$]]|$1|D|3|-4|5|6|7|U|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]|L|$5|G|H|I|C|$J|M]]]]

There is 2 good answers to slugfy your data, use it <a href="https://stackoverflow.com/a/3987966/971619">https://stackoverflow.com/a/3987966/971619</a> or it <a href="https://stackoverflow.com/a/7610586/971619">https://stackoverflow.com/a/7610586/971619</a>

blocks|key|307962|text|这是来自JFile::makeSafe($file)的Joomla+3.3.2版本|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|307963|public+static+function+makeSafe($file)
{
++++//+Remove+any+trailing+dots,+as+those+aren't+ever+valid+file+names.
++++$file+=+rtrim($file,+'.');

++++$regex+=+array('#(\.){2,}#',+'#[%5EA-Za-z0-9\.\_\-+]#',+'#%5E\.#');

++++return+trim(preg_replace($regex,+'',+$file));
}|code-block|syntax|javascript|307964|entityMap|0|LINK|mutability|MUTABLE|url|https://api.joomla.org/cms-3/classes/JFile.html#method_makeSafe^0|4|M|4|M|0|0|0^^$0|@$1|2|3|4|5|6|7|S|8|@$9|T|A|U|B|C]]|D|@$9|V|A|W|1|X]]|E|$]]|$1|F|3|G|5|H|7|Y|8|@]|D|@]|E|$I|J]]|$1|K|3|-4|5|6|7|Z|8|@]|D|@]|E|$]]]|L|$M|$5|N|O|P|E|$Q|R]]]]

and this is Joomla 3.3.2 version from <a href="https://api.joomla.org/cms-3/classes/JFile.html#method_makeSafe" rel="nofollow noreferrer"><code>JFile::makeSafe($file)</code></a>

<pre><code>public static function makeSafe($file)
{
 // Remove any trailing dots, as those aren't ever valid file names.
 $file = rtrim($file, '.');

 $regex = array('#(\.){2,}#', '#[^A-Za-z0-9\.\_\- ]#', '#^\.#');

 return trim(preg_replace($regex, '', $file));
}
</code></pre>

blocks|key|3049087|text|这是一个很好的函数：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3049088|public+function+getFriendlyURL($string)+{
++++setlocale(LC_CTYPE,+'en_US.UTF8');
++++$string+=+iconv('UTF-8',+'ASCII//TRANSLIT//IGNORE',+$string);
++++$string+=+preg_replace('~[%5E\-\pL\pN\s]%2B~u',+'-',+$string);
++++$string+=+str_replace('+',+'-',+$string);
++++$string+=+trim($string,+"-");
++++$string+=+strtolower($string);
++++return+$string;
}+|code-block|syntax|javascript|3049089|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

This is a good function:

<pre><code>public function getFriendlyURL($string) {
 setlocale(LC_CTYPE, 'en_US.UTF8');
 $string = iconv('UTF-8', 'ASCII//TRANSLIT//IGNORE', $string);
 $string = preg_replace('~[^\-\pL\pN\s]+~u', '-', $string);
 $string = str_replace(' ', '-', $string);
 $string = trim($string, "-");
 $string = strtolower($string);
 return $string;
} 
</code></pre>

blocks|key|307966|text|我有各种奇怪的拉丁字符的条目标题，以及一些HTML标签，我需要将它们转换为有用的破折号分隔的文件名格式。我将@SoLoGHoST的答案与@Xeoncross的答案中的几个项目结合起来，并进行了一些定制。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|307967|++++function+sanitize($string,$force_lowercase=true)+{
++++//Clean+up+titles+for+filenames
++++$clean+=+strip_tags($string);
++++$clean+=+strtr($clean,+array('Š'+=>+'S','Ž'+=>+'Z','š'+=>+'s','ž'+=>+'z','Ÿ'+=>+'Y','À'+=>+'A','Á'+=>+'A','Â'+=>+'A','Ã'+=>+'A','Ä'+=>+'A','Å'+=>+'A','Ç'+=>+'C','È'+=>+'E','É'+=>+'E','Ê'+=>+'E','Ë'+=>+'E','Ì'+=>+'I','Í'+=>+'I','Î'+=>+'I','Ï'+=>+'I','Ñ'+=>+'N','Ò'+=>+'O','Ó'+=>+'O','Ô'+=>+'O','Õ'+=>+'O','Ö'+=>+'O','Ø'+=>+'O','Ù'+=>+'U','Ú'+=>+'U','Û'+=>+'U','Ü'+=>+'U','Ý'+=>+'Y','à'+=>+'a','á'+=>+'a','â'+=>+'a','ã'+=>+'a','ä'+=>+'a','å'+=>+'a','ç'+=>+'c','è'+=>+'e','é'+=>+'e','ê'+=>+'e','ë'+=>+'e','ì'+=>+'i','í'+=>+'i','î'+=>+'i','ï'+=>+'i','ñ'+=>+'n','ò'+=>+'o','ó'+=>+'o','ô'+=>+'o','õ'+=>+'o','ö'+=>+'o','ø'+=>+'o','ù'+=>+'u','ú'+=>+'u','û'+=>+'u','ü'+=>+'u','ý'+=>+'y','ÿ'+=>+'y'));
++++$clean+=+strtr($clean,+array('Þ'+=>+'TH',+'þ'+=>+'th',+'Ð'+=>+'DH',+'ð'+=>+'dh',+'ß'+=>+'ss',+'Œ'+=>+'OE',+'œ'+=>+'oe',+'Æ'+=>+'AE',+'æ'+=>+'ae',+'µ'+=>+'u','—'+=>+'-'));
++++$clean+=+str_replace("--",+"-",+preg_replace("/[%5Ea-z0-9-]/i",+"",+preg_replace(array('/\s/',+'/[%5E\w-\.\-]/'),+array('-',+''),+$clean)));

++++return+($force_lowercase)+?
++++++++(function_exists('mb_strtolower'))+?
++++++++++++mb_strtolower($clean,+'UTF-8')+:
++++++++++++strtolower($clean)+:
++++++++$clean;
}|code-block|syntax|javascript|307968|我需要手动将破折号(-)添加到转换数组中。可能还有其他文件，但到目前为止，我的文件名看起来还不错。|307969|所以：|307970|第一部分:我爸爸的“Žurburts”？-他们(不)是最好的！|307971|变成：|307972|part-1-my-dads-zurburts-theyre-not-the-best|offset|length|style|BOLD|307973|我只需在返回的字符串中添加".html“。|307974|entityMap^0|0|0|0|0|0|0|0|17|0|0^^$0|@$1|2|3|4|5|6|7|Y|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|Z|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|10|8|@]|9|@]|A|$]]|$1|I|3|J|5|6|7|11|8|@]|9|@]|A|$]]|$1|K|3|L|5|6|7|12|8|@]|9|@]|A|$]]|$1|M|3|N|5|6|7|13|8|@]|9|@]|A|$]]|$1|O|3|P|5|6|7|14|8|@$Q|15|R|16|S|T]]|9|@]|A|$]]|$1|U|3|V|5|6|7|17|8|@]|9|@]|A|$]]|$1|W|3|-4|5|6|7|18|8|@]|9|@]|A|$]]]|X|$]]

I have entry titles with all kinds of weird latin characters as well as some HTML tags that I needed to translate into a useful dash-delimited filename format. I combined @SoLoGHoST's answer with a couple of items from @Xeoncross's answer and customized a bit.

<pre><code> function sanitize($string,$force_lowercase=true) {
 //Clean up titles for filenames
 $clean = strip_tags($string);
 $clean = strtr($clean, array('Š' =&gt; 'S','Ž' =&gt; 'Z','š' =&gt; 's','ž' =&gt; 'z','Ÿ' =&gt; 'Y','À' =&gt; 'A','Á' =&gt; 'A','Â' =&gt; 'A','Ã' =&gt; 'A','Ä' =&gt; 'A','Å' =&gt; 'A','Ç' =&gt; 'C','È' =&gt; 'E','É' =&gt; 'E','Ê' =&gt; 'E','Ë' =&gt; 'E','Ì' =&gt; 'I','Í' =&gt; 'I','Î' =&gt; 'I','Ï' =&gt; 'I','Ñ' =&gt; 'N','Ò' =&gt; 'O','Ó' =&gt; 'O','Ô' =&gt; 'O','Õ' =&gt; 'O','Ö' =&gt; 'O','Ø' =&gt; 'O','Ù' =&gt; 'U','Ú' =&gt; 'U','Û' =&gt; 'U','Ü' =&gt; 'U','Ý' =&gt; 'Y','à' =&gt; 'a','á' =&gt; 'a','â' =&gt; 'a','ã' =&gt; 'a','ä' =&gt; 'a','å' =&gt; 'a','ç' =&gt; 'c','è' =&gt; 'e','é' =&gt; 'e','ê' =&gt; 'e','ë' =&gt; 'e','ì' =&gt; 'i','í' =&gt; 'i','î' =&gt; 'i','ï' =&gt; 'i','ñ' =&gt; 'n','ò' =&gt; 'o','ó' =&gt; 'o','ô' =&gt; 'o','õ' =&gt; 'o','ö' =&gt; 'o','ø' =&gt; 'o','ù' =&gt; 'u','ú' =&gt; 'u','û' =&gt; 'u','ü' =&gt; 'u','ý' =&gt; 'y','ÿ' =&gt; 'y'));
 $clean = strtr($clean, array('Þ' =&gt; 'TH', 'þ' =&gt; 'th', 'Ð' =&gt; 'DH', 'ð' =&gt; 'dh', 'ß' =&gt; 'ss', 'Œ' =&gt; 'OE', 'œ' =&gt; 'oe', 'Æ' =&gt; 'AE', 'æ' =&gt; 'ae', 'µ' =&gt; 'u','—' =&gt; '-'));
 $clean = str_replace("--", "-", preg_replace("/[^a-z0-9-]/i", "", preg_replace(array('/\s/', '/[^\w-\.\-]/'), array('-', ''), $clean)));

 return ($force_lowercase) ?
 (function_exists('mb_strtolower')) ?
 mb_strtolower($clean, 'UTF-8') :
 strtolower($clean) :
 $clean;
}
</code></pre>

I needed to manually add the em dash character (—) to the translation array. There may be others but so far my file names are looking good.

So:

Part 1: My dad’s “Žurburts”?—they’re (not) the best!

becomes:

part-1-my-dads-zurburts-theyre-not-the-best

I just add ".html" to the returned string.

blocks|key|3049091|text|解决方案#1:您可以在服务器(主机)上安装PHP扩展|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3049092|将“地球上几乎每一种语言”音译成ASCII字符。|3049093|3049094|首先安装PHP+Intl扩展。这是适用于Debian+(Ubuntu)的命令：sudo+aptitude+install+php5-intl|ordered-list-item|offset|length|style|CODE|3049095|This是我的fileName函数(创建test.php并粘贴以下代码)：|3049096|3049097|​|3049098|<!doctype+html>
<html+lang="en">
<head>
<meta+charset="utf-8">
<title>Test</title>
</head>
<body>
<?php

function+pr($string)+{
++print+'<hr>';
++print+'"'+.+fileName($string)+.+'"';
++print+' ';
++print+'"'+.+$string+.+'"';
}

function+fileName($string)+{
++//+remove+html+tags
++$clean+=+strip_tags($string);
++//+transliterate
++$clean+=+transliterator_transliterate('Any-Latin;Latin-ASCII;',+$clean);
++//+remove+non-number+and+non-letter+characters
++$clean+=+str_replace('--',+'-',+preg_replace('/[%5Ea-z0-9-\_]/i',+'',+preg_replace(array(
++++'/\s/',+
++++'/[%5E\w-\.\-]/'
++),+array(
++++'_',+
++++''
++),+$clean)));
++//+replace+'-'+for+'_'
++$clean+=+strtr($clean,+array(
++++'-'+=>+'_'
++));
++//+remove+double+'__'
++$positionInString+=+stripos($clean,+'__');
++while+($positionInString+!==+false)+{
++++$clean+=+str_replace('__',+'_',+$clean);
++++$positionInString+=+stripos($clean,+'__');
++}
++//+remove+'_'+from+the+end+and+beginning+of+the+string
++$clean+=+rtrim(ltrim($clean,+'_'),+'_');
++//+lowercase+the+string
++return+strtolower($clean);
}
pr('_replace(\'~&([a-z]{1,2})(ac134/56f4315981743+8765475[]lt7ňl2ú5äňú138yé73ťž7ýľute%7C');
pr(htmlspecialchars('<script>alert(\'hacked\')</script>'));
pr('Álix----_Ãxel!?!?');
pr('áéíóúÁÉÍÓÚ');
pr('üÿÄËÏÖÜ.ŸåÅ');
pr('nie4č+a+a§ôňäääaš');
pr('Мао+Цзэдун');
pr('毛泽东');
pr('ماو+تسي+تونغ');
pr('مائو+تسه‌تونگ');
pr('מאו+דזה-דונג');
pr('მაო+ძედუნი');
pr('Mao+Trạch+Đông');
pr('毛澤東');
pr('เหมา+เจ๋อตง');
?>
</body>
</html>|code-block|syntax|javascript|3049099|3049100|这一行是核心：|3049101|++//+transliterate
++$clean+=+transliterator_transliterate('Any-Latin;Latin-ASCII;',+$clean);|3049102|基于this+post的答案。|3049103|解决方案#2:你没有能力在服务器(主机)上安装PHP扩展|3049104|3049105|📷|atomic|3049106|3049107|在CMS+Drupal的transliteration模块中已经完成了相当好的工作。它几乎支持地球上的每一种语言。如果你想拥有真正完整的解决方案消毒字符串，我建议你选择plugin+repository。|3049108|entityMap|0|LINK|mutability|MUTABLE|url|http://php.net/manual/intl.setup.php|1|http://www.jasom.net/php-prepare-sanitize-transliterate-convert-change-user-string-input-for-filename-or-url-address|2|IMAGE|IMMUTABLE|imageUrl|https://ask.qcloudimg.com/http-save/yehe-900000/f257778ac07cf9d5885476eca5850507.png|imageAlt|3|https://www.drupal.org/project/transliteration|4|http://cgit.drupalcode.org/transliteration/tree/?h=7.x-3.2^0|0|0|0|13|V|4|8|0|0|0|0|0|0|0|0|0|2|9|1|0|0|0|0|1|2|0|0|C|F|3|2J|A|4|0^^$0|@$1|2|3|4|5|6|7|1V|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|1W|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|1X|8|@]|9|@]|A|$]]|$1|E|3|F|5|G|7|1Y|8|@$H|1Z|I|20|J|K]]|9|@$H|21|I|22|1|23]]|A|$]]|$1|L|3|M|5|G|7|24|8|@]|9|@]|A|$]]|$1|N|3|-4|5|6|7|25|8|@]|9|@]|A|$]]|$1|O|3|P|5|6|7|26|8|@]|9|@]|A|$]]|$1|Q|3|R|5|S|7|27|8|@]|9|@]|A|$T|U]]|$1|V|3|P|5|6|7|28|8|@]|9|@]|A|$]]|$1|W|3|X|5|6|7|29|8|@]|9|@]|A|$]]|$1|Y|3|Z|5|S|7|2A|8|@]|9|@]|A|$T|U]]|$1|10|3|11|5|6|7|2B|8|@]|9|@$H|2C|I|2D|1|2E]]|A|$]]|$1|12|3|13|5|6|7|2F|8|@]|9|@]|A|$]]|$1|14|3|P|5|6|7|2G|8|@]|9|@]|A|$]]|$1|15|3|16|5|17|7|2H|8|@]|9|@$H|2I|I|2J|1|2K]]|A|$]]|$1|18|3|P|5|6|7|2L|8|@]|9|@]|A|$]]|$1|19|3|1A|5|6|7|2M|8|@]|9|@$H|2N|I|2O|1|2P]|$H|2Q|I|2R|1|2S]]|A|$]]|$1|1B|3|-4|5|6|7|2T|8|@]|9|@]|A|$]]]|1C|$1D|$5|1E|1F|1G|A|$1H|1I]]|1J|$5|1E|1F|1G|A|$1H|1K]]|1L|$5|1M|1F|1N|A|$1O|1P|1Q|-4]]|1R|$5|1E|1F|1G|A|$1H|1S]]|1T|$5|1E|1F|1G|A|$1H|1U]]]]

<h3>Solution #1: You have ability to install PHP extensions on server (hosting)</h3>

For transliteration of "almost every single language on the planet Earth" to ASCII characters.

<ol>
<li>Install <a href="http://php.net/manual/intl.setup.php" rel="nofollow noreferrer">PHP Intl</a> extension first. This is command for Debian (Ubuntu): <code>sudo aptitude install php5-intl</code></li>
<li>This is my fileName function (create test.php and paste there following code):</li>
</ol>

<div class="snippet" data-lang="js" data-hide="false" data-console="false" data-babel="false">
<div class="snippet-code">
<pre class="snippet-code-html lang-html prettyprint-override"><code>&lt;!doctype html&gt;
&lt;html lang="en"&gt;
&lt;head&gt;
&lt;meta charset="utf-8"&gt;
&lt;title&gt;Test&lt;/title&gt;
&lt;/head&gt;
&lt;body&gt;
&lt;?php

function pr($string) {
 print '&lt;hr&gt;';
 print '"' . fileName($string) . '"';
 print '&lt;br&gt;';
 print '"' . $string . '"';
}

function fileName($string) {
 // remove html tags
 $clean = strip_tags($string);
 // transliterate
 $clean = transliterator_transliterate('Any-Latin;Latin-ASCII;', $clean);
 // remove non-number and non-letter characters
 $clean = str_replace('--', '-', preg_replace('/[^a-z0-9-\_]/i', '', preg_replace(array(
 '/\s/', 
 '/[^\w-\.\-]/'
 ), array(
 '_', 
 ''
 ), $clean)));
 // replace '-' for '_'
 $clean = strtr($clean, array(
 '-' =&gt; '_'
 ));
 // remove double '__'
 $positionInString = stripos($clean, '__');
 while ($positionInString !== false) {
 $clean = str_replace('__', '_', $clean);
 $positionInString = stripos($clean, '__');
 }
 // remove '_' from the end and beginning of the string
 $clean = rtrim(ltrim($clean, '_'), '_');
 // lowercase the string
 return strtolower($clean);
}
pr('_replace(\'~&amp;([a-z]{1,2})(ac134/56f4315981743 8765475[]lt7ňl2ú5äňú138yé73ťž7ýľute|');
pr(htmlspecialchars('&lt;script&gt;alert(\'hacked\')&lt;/script&gt;'));
pr('Álix----_Ãxel!?!?');
pr('áéíóúÁÉÍÓÚ');
pr('üÿÄËÏÖÜ.ŸåÅ');
pr('nie4č a a§ôňäääaš');
pr('Мао Цзэдун');
pr('毛泽东');
pr('ماو تسي تونغ');
pr('مائو تسه‌تونگ');
pr('מאו דזה-דונג');
pr('მაო ძედუნი');
pr('Mao Trạch Đông');
pr('毛澤東');
pr('เหมา เจ๋อตง');
?&gt;
&lt;/body&gt;
&lt;/html&gt;</code></pre>
</div>
</div>


This line is core:

<pre><code> // transliterate
 $clean = transliterator_transliterate('Any-Latin;Latin-ASCII;', $clean);
</code></pre>

Answer based on <a href="http://www.jasom.net/php-prepare-sanitize-transliterate-convert-change-user-string-input-for-filename-or-url-address" rel="nofollow noreferrer">this post</a>.

<h3>Solution #2: You don't have ability to install PHP extensions on server (hosting)</h3>

<a href="https://i.stack.imgur.com/lFMsz.png" rel="nofollow noreferrer"><img src="https://i.stack.imgur.com/lFMsz.png" alt="enter image description here"></a>

Pretty good job is done in <a href="https://www.drupal.org/project/transliteration" rel="nofollow noreferrer">transliteration</a> module for CMS Drupal. It supports almost every single language on the planet Earth. I suggest to check plugin <a href="http://cgit.drupalcode.org/transliteration/tree/?h=7.x-3.2" rel="nofollow noreferrer">repository</a> if you want to have really complete solution sanitizing strings.

blocks|key|3049110|text|我推荐*+URLify+for+PHP+(480%2B+stars+on+Github)+-“来自Django项目的URLify.js的PHP端口。音译URL中使用的非ascii字符”。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|3049111|基本用法：|3049112|为URL生成插件的：|style|BOLD|3049113|<?php

echo+URLify::filter+('+J\'étudie+le+français+');
//+"jetudie-le-francais"

echo+URLify::filter+('Lo+siento,+no+hablo+español.');
//+"lo-siento-no-hablo-espanol"

?>|code-block|syntax|javascript|3049114|为文件名生成段塞的：|3049115|<?php

echo+URLify::filter+('фото.jpg',+60,+"",+true);
//+"foto.jpg"

?>|3049116|*其他建议都不符合我的标准：|3049117|应该可以通过composer|3049118|Should安装|unordered-list-item|3049119|
|3049120|而不是依赖图标，因为它在不同的图标上表现不同可以扩展以允许覆盖和自定义字符replacements|3049121|3049122|Popular+(例如，Github上的许多星)|3049123|3049124|具有测试|3049125|3049126|作为额外的好处，URLify还删除了某些单词，并剥离了所有未经过音译的字符。|3049127|下面是一个使用URLify正确音译大量外文字符的测试用例：https://gist.github.com/motin/a65e6c1cc303e46900d10894bf2da87f|3049128|entityMap|0|LINK|mutability|MUTABLE|url|https://github.com/jbroadway/urlify|1|https://gist.github.com/motin/a65e6c1cc303e46900d10894bf2da87f^0|5|11|0|0|0|9|1|0|0|9|1|0|0|0|0|0|0|0|0|0|0|0|0|0|T|1Q|1|0^^$0|@$1|2|3|4|5|6|7|1O|8|@]|9|@$A|1P|B|1Q|1|1R]]|C|$]]|$1|D|3|E|5|6|7|1S|8|@]|9|@]|C|$]]|$1|F|3|G|5|6|7|1T|8|@$A|1U|B|1V|H|I]]|9|@]|C|$]]|$1|J|3|K|5|L|7|1W|8|@]|9|@]|C|$M|N]]|$1|O|3|P|5|6|7|1X|8|@$A|1Y|B|1Z|H|I]]|9|@]|C|$]]|$1|Q|3|R|5|L|7|20|8|@]|9|@]|C|$M|N]]|$1|S|3|T|5|6|7|21|8|@]|9|@]|C|$]]|$1|U|3|V|5|6|7|22|8|@]|9|@]|C|$]]|$1|W|3|X|5|Y|7|23|8|@]|9|@]|C|$]]|$1|Z|3|10|5|6|7|24|8|@]|9|@]|C|$]]|$1|11|3|12|5|Y|7|25|8|@]|9|@]|C|$]]|$1|13|3|10|5|6|7|26|8|@]|9|@]|C|$]]|$1|14|3|15|5|Y|7|27|8|@]|9|@]|C|$]]|$1|16|3|10|5|6|7|28|8|@]|9|@]|C|$]]|$1|17|3|18|5|Y|7|29|8|@]|9|@]|C|$]]|$1|19|3|-4|5|6|7|2A|8|@]|9|@]|C|$]]|$1|1A|3|1B|5|6|7|2B|8|@]|9|@]|C|$]]|$1|1C|3|1D|5|6|7|2C|8|@]|9|@$A|2D|B|2E|1|2F]]|C|$]]|$1|1E|3|-4|5|6|7|2G|8|@]|9|@]|C|$]]]|1F|$1G|$5|1H|1I|1J|C|$1K|1L]]|1M|$5|1H|1I|1J|C|$1K|1N]]]]

I recommend* <a href="https://github.com/jbroadway/urlify" rel="noreferrer">URLify for PHP (480+ stars on Github)</a> - "the PHP port of URLify.js from the Django project. Transliterates non-ascii characters for use in URLs".

Basic usage:

To generate slugs for URLs:

<pre><code>&lt;?php

echo URLify::filter (' J\'étudie le français ');
// "jetudie-le-francais"

echo URLify::filter ('Lo siento, no hablo español.');
// "lo-siento-no-hablo-espanol"

?&gt;
</code></pre>

To generate slugs for file names:

<pre><code>&lt;?php

echo URLify::filter ('фото.jpg', 60, "", true);
// "foto.jpg"

?&gt;
</code></pre>

*None of the other suggestions matched my criteria:

<ul>
<li>Should be installable via composer</li>
<li>Should not depend on iconv since it behaves differently on different systems</li>
<li>Should be extendable to allow overrides and custom character replacements</li>
<li>Popular (for instance many stars on Github)</li>
<li>Has tests</li>
</ul>

As a bonus, URLify also removes certain words and strips away all characters not transliterated. 

Here is a test case with tons of foreign characters being transliterated properly using URLify: <a href="https://gist.github.com/motin/a65e6c1cc303e46900d10894bf2da87f" rel="noreferrer">https://gist.github.com/motin/a65e6c1cc303e46900d10894bf2da87f</a>

I am trying to come up with a function that does a good job of sanitizing certain strings so that they are safe to use in the URL (like a post slug) and also safe to use as file names. For example, when someone uploads a file I want to make sure that I remove all dangerous characters from the name.

So far I have come up with the following function which I hope solves this problem and allows foreign UTF-8 data also.

<pre><code>/**
 * Convert a string to the file/URL safe "slug" form
 *
 * @param string $string the string to clean
 * @param bool $is_filename TRUE will allow additional filename characters
 * @return string
 */
function sanitize($string = '', $is_filename = FALSE)
{
 // Replace all weird characters with dashes
 $string = preg_replace('/[^\w\-'. ($is_filename ? '~_\.' : ''). ']+/u', '-', $string);

 // Only allow one dash separator at a time (and make string lowercase)
 return mb_strtolower(preg_replace('/--+/u', '-', $string), 'UTF-8');
}
</code></pre>

Does anyone have any tricky sample data I can run against this - or know of a better way to safeguard our apps from bad names?

$is-filename allows some additional characters like temp vim files

update: removed the star character since I could not think of a valid use

Sanitizing strings to make them URL and filename safe?

我正在尝试想出一个函数，它可以很好地清理某些字符串，这样它们就可以安全地在URL中使用(就像post slug一样)，也可以安全地用作文件名。例如，当有人上传文件时，我希望确保删除名称中的所有危险字符。到目前为止，我已经想出了下面的函数，我希望它能解决这个问题，并允许国外的UTF-8数据。/** * Convert a...

问对字符串进行消毒，使其URL和文件名安全？
EN

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问对字符串进行消毒，使其URL和文件名安全？EN

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问对字符串进行消毒，使其URL和文件名安全？
EN