diff --git a/collections.sqlite b/collections.sqlite
index 8c5ed08..6617853 100644
Binary files a/collections.sqlite and b/collections.sqlite differ
diff --git a/public/uploads/69136d74d6b90_D&D.jpg b/public/uploads/69136d74d6b90_D_D.jpg
similarity index 100%
rename from public/uploads/69136d74d6b90_D&D.jpg
rename to public/uploads/69136d74d6b90_D_D.jpg
diff --git a/public/uploads/69136da8e5916_Edwin&Gabrielle.jpeg b/public/uploads/69136da8e5916_Edwin_Gabrielle.jpeg
similarity index 100%
rename from public/uploads/69136da8e5916_Edwin&Gabrielle.jpeg
rename to public/uploads/69136da8e5916_Edwin_Gabrielle.jpeg
diff --git a/src/Controllers/ItemController.php b/src/Controllers/ItemController.php
index 5d6314c..4a9fea1 100755
--- a/src/Controllers/ItemController.php
+++ b/src/Controllers/ItemController.php
@@ -159,7 +159,8 @@ class ItemController
         if (!is_dir($uploadDir)) {
             mkdir($uploadDir, 0755, true);
         }
-        $fileName = uniqid() . '_' . basename($file['name']);
+        $safeName = preg_replace('/[^a-zA-Z0-9_\-\.]/', '_', basename($file['name']));
+        $fileName = uniqid() . '_' . $safeName;
         $targetPath = $uploadDir . $fileName;
         error_log("Attempting to move from " . $file['tmp_name'] . " to " . $targetPath);
         if (move_uploaded_file($file['tmp_name'], $targetPath)) {