
problem in file upload

If the file name is fin's xyz.mp3 then it is not uploading because of this fin(')s single quote. How should I use move_uploaded_file($tmp,$dest) in PHP?

Example:

$name1=$_FILES['FileName']['name'];
$tmp1=$_FILES['FileName']['tmp_name'];
$target = "../music_files/";
$up=uniqid().$name1;
$target = $target.$up;
move_uploaded_file($tmp1,$target);

HTML:

<form action="" method="post" enctype="multipart/form-data" name="loginfrm" onsubmit="return CheckLogin();">
    <input type="file" id="FileName" name="FileName" class="text-box" />
    <input name="Submit" type="submit" class="button" value="Save" />
</form>


Depending on how you are storing the file you can strip all non alpha-numeric characters with a simple preg_replace() and then you do not have to worry about it.

$name1 = preg_replace('~[^a-z0-9_-]~i', '', $_FILES['FileName']['name']);

Pending I did not make any silly mistakes.

If you are storing the name in a database you can just make the actual filename an md5 hash and reference that in the table you store the information in.


Quotes serve as special characters on many systems - you might want to sanitize your filenames - e.g. whitelist a set of characters and drop the others:

$name1=$_FILES['FileName']['name'];
$up=uniqid() . preg_replace('/[^a-zA-Z0-9_-]/','',$name1);

This gives you, as a bonus, added resiliency against invalid filenames and directory traversal attacks (e.g. where an attacker would give "../../../../../../../../etc/passwd" as the file's name).
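
Added example, not code from either answer: the whitelist approach both answers describe, extended to keep a checked file extension and to reject names that do not carry one. The helper name safe_upload_name() and the allowed-extension list (mp3 only) are assumptions; the field name and target directory are the ones from the question.

```php
<?php
// Added example (not from the original answers). safe_upload_name() and the
// allowed-extension list are assumptions made for illustration.

function safe_upload_name(string $clientName, array $allowedExt = ['mp3']): ?string
{
    // Drop any directory part the client sent ("../../etc/passwd" -> "passwd").
    // Normalise backslashes first: basename() on Linux does not treat "\" as a separator.
    $base = basename(str_replace('\\', '/', $clientName));

    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    $stem = pathinfo($base, PATHINFO_FILENAME);

    // Reject instead of guessing when the extension is not on the whitelist.
    if (!in_array($ext, $allowedExt, true)) {
        return null;
    }

    // Whitelist the stem: quotes, spaces, dots and slashes are all removed.
    $stem = preg_replace('/[^a-zA-Z0-9_-]/', '', $stem);
    if ($stem === '') {
        $stem = 'file';
    }

    // uniqid() avoids collisions between uploads with the same name.
    return uniqid() . '_' . substr($stem, 0, 64) . '.' . $ext;
}

// Constructed sample names, so the script also runs from the CLI.
foreach (["fin's xyz.mp3", "../../../../etc/passwd", "..\\..\\song.MP3", "a.php.mp3"] as $n) {
    var_export(safe_upload_name($n));
    echo "  <= {$n}\n";
}

// In the upload handler (field name and target directory as in the question):
if (isset($_FILES['FileName']) && $_FILES['FileName']['error'] === UPLOAD_ERR_OK) {
    $name = safe_upload_name($_FILES['FileName']['name']);
    if ($name === null) {
        http_response_code(400);
        exit('File type not allowed');
    }
    if (!move_uploaded_file($_FILES['FileName']['tmp_name'], '../music_files/' . $name)) {
        http_response_code(500);
        exit('Upload failed');
    }
}
```

Because dots are stripped from the stem, a name such as a.php.mp3 is stored with a single .mp3 extension, and the traversal name from the answer above is rejected because it has no allowed extension.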
