I have a PHP application.
I allow users to upload files to my web application.
Question: What's the best way for me to sanitize the file n
I would just run a simple regex that replaces any non-alphanumeric characters with an underscore (or just remove these characters altogether). Make sure you preserve the extension, of course.
If you want to go a bit further, you could use magic mime extension to ensure the file is the same format that the extension says it is.
EDIT: To avoid filename collisions in a directory, you could append an MD5 of the user's IP + current time to the filename.
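
The three steps from the answer above (regex on the name, content check against the extension, MD5 suffix), combined in one function. This is an added example, not code from the original answer; the function name `sanitize_upload_name`, the `ALLOWED_TYPES` extension-to-MIME map and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example. ALLOWED_TYPES and sanitize_upload_name() are hypothetical names.
const ALLOWED_TYPES = [
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'pdf' => 'application/pdf',
];

function sanitize_upload_name(string $original, string $tmpPath, string $ip): ?string
{
    // basename() drops any directory components the client sent with the name.
    $info = pathinfo(basename($original));
    $ext  = strtolower($info['extension'] ?? '');
    if (!isset(ALLOWED_TYPES[$ext])) {
        return null; // missing extension, or one outside the map
    }

    // "Magic" check: the detected content type must match what the extension claims.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($tmpPath) !== ALLOWED_TYPES[$ext]) {
        return null;
    }

    // Replace every non-alphanumeric character in the stem (dots included) with "_".
    $stem = preg_replace('/[^A-Za-z0-9]/', '_', $info['filename']);
    $stem = substr($stem, 0, 100);
    if ($stem === '') { $stem = 'file'; }

    // Suffix from the EDIT: MD5 of user IP + current time (for uniqueness, not secrecy).
    $suffix = md5($ip . microtime(true));
    return $stem . '_' . $suffix . '.' . $ext;
}

// Constructed sample: a temp file holding a minimal PDF header, standing in for an upload.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "%PDF-1.4\n%%EOF\n");
var_dump(sanitize_upload_name('../../my report (final).pdf', $tmp, '203.0.113.7'));
var_dump(sanitize_upload_name('shell.php', $tmp, '203.0.113.7'));  // extension outside the map
var_dump(sanitize_upload_name('image.png', $tmp, '203.0.113.7'));  // content does not match .png
unlink($tmp);
```

In an upload handler, `$original` and `$tmpPath` would come from `$_FILES[...]['name']` and `$_FILES[...]['tmp_name']`, and the returned name would be the destination passed to `move_uploaded_file()`.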