Write FORM data to text file?

Gene · 06-27-2009, 04:33 PM

I'd like to create a form with 3 fields, which will
take the contents of each of the 3 fields and store
them in a text file.

==============================================
Form
==============================================

Enter Website URL Here: [_________________]
????: NamePros.com http://www.namepros.com/programming/592866-write-form-data-to-text-file.html
Enter Account ID# Here: [_________________]
Enter Email Address Here: [_________________]

[ SUBMIT ]

==============================================

When the user submits that form, the information
gets written to a text file containing only this:

==============================================
Text file named info.inc
==============================================

<?php
$weburl = "WebSiteName.com";
$accountid = "12345";
$email = "usersemail@anymailaddress.com";
?>

==============================================

Any time the user goes back to the form above
and changes the data in any of the 3 fields,
the text file will be overwritten accordingly.

Note: The text file will have the CHMOD
permission set to 644 so nobody else can
write to it.

Note: The form will be in a password protected
folder.

No help needed to create the form and
password protected folder. I just need to
know how to get the form SUBMIT to overwrite
the text file to contain the new form data.

Thanks!

Gene

Eric · 06-27-2009, 09:09 PM

Just curious, why not use a MySQL database? Would be easier to work with and IMHO more secure

nasaboy007 · 06-27-2009, 09:45 PM

is it only supposed to hold those 3 pieces of info at one time? (as in different text files for different users).

if so, this should work. (untested, written on-the-fly):

PHP Code:

  <?php

$weburl = $_POST['weburl'];

$accountid = $_POST['accountid'];

$email = $_POST['email'];

 
//This should be the path to the text file, relative to the PHP file this is saved as.

$file = "info.inc";

 
$fh = fopen($file, 'w');

 
$string = "<?php \n \$weburl = \"" . $weburl . "\";\n\$accountid = \"" . $accountid . "\";\n\$email = \"" . $email . "\";\n ?>";

 
fwrite($fh, $string);

 
fclose($fh);

 
?>

????: NamePros.com http://www.namepros.com/showthread.php?t=592866
????: NamePros.com http://www.namepros.com/showthread.php?t=592866
That should be the action of the form, the inputs should be named "weburl", "accountid", and "email". This is the example text file populated:

Quote:

<?php
$weburl = "WebSiteName.com";
$accountid = "12345";
$email = "usersemail@anymailaddress.com";
?>

Do you need to be worrying about sanitizing your data (incase it will be used for other scripts), because that is VERY open to injections?

Gene · 06-28-2009, 05:45 AM

Originally Posted by Eric

Just curious, why not use a MySQL database? Would be easier to work with and IMHO more secure

Mainly because this is for a project where I provide turn-key websites, and this set of files would be bundled along with it so each user can customize their own site with these bits of information. I don't want to make each user have to create a database.

---------- Post added at 07:45 AM ---------- Previous post was at 07:43 AM ----------

Originally Posted by nasaboy007

is it only supposed to hold those 3 pieces of info at one time? (as in different text files for different users).

if so, this should work. (untested, written on-the-fly):

PHP Code:

  <?php

$weburl = $_POST['weburl'];

$accountid = $_POST['accountid'];

????: NamePros.com http://www.namepros.com/showthread.php?t=592866
$email = $_POST['email'];

 
//This should be the path to the text file, relative to the PHP file this is saved as.

$file = "info.inc";

 
$fh = fopen($file, 'w');

 
$string = "<?php \n \$weburl = \"" . $weburl . "\";\n\$accountid = \"" . $accountid . "\";\n\$email = \"" . $email . "\";\n ?>";

????: NamePros.com http://www.namepros.com/showthread.php?t=592866
 
fwrite($fh, $string);

 
fclose($fh);

 
?>

That should be the action of the form, the inputs should be named "weburl", "accountid", and "email". This is the example text file populated:

Do you need to be worrying about sanitizing your data (incase it will be used for other scripts), because that is VERY open to injections?

Thank you for that! I'll work with it and see if it works. Can you please explain what you mean by "sanitizing" the data, and what do you mean by it being "VERY open to injections"? Thanks!

Eric · 06-28-2009, 05:57 AM

Originally Posted by Gene

Mainly because this is for a project where I provide turn-key websites, and this set of files would be bundled along with it so each user can customize their own site with these bits of information. I don't want to make each user have to create a database.

Ahh, I see

Originally Posted by Gene

---------- Post added at 07:45 AM ---------- Previous post was at 07:43 AM ----------

Thank you for that! I'll work with it and see if it works. Can you please explain what you mean by "sanitizing" the data, and what do you mean by it being "VERY open to injections"? Thanks!

Well, taking info. from a user and putting it directly into PHP code like that can be dangerous. There's several ways it can be manipulated. Also you have to be careful about quotes in what they enter - adding " in the input could cause the PHP code to error out when it runs. If you're using PHP 5:

(for the $accountid, I'm assuming this is a number?)

PHP Code:

  <?php
????: NamePros.com http://www.namepros.com/showthread.php?t=592866

$weburl = trim($_POST['weburl']);
????: NamePros.com http://www.namepros.com/showthread.php?t=592866
$accountid = trim($_POST['accountid']);
$email = trim($_POST['email']);

if (!filter_var($weburl, FILTER_VALIDATE_URL))
{
    echo 'Please enter a valid URL';
    exit;
}

if (!filter_var($accountid, FILTER_VALIDATE_INT))
{
    echo 'Please enter a valid account id';
    exit;
}

if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
    echo 'Please enter a valid email address';
    exit;
}

//This should be the path to the text file, relative to the PHP file this is saved as.
$file = "info.inc";

// PHP 5 has file_put_contents
$string = "<?php\n\n\$weburl = \"" . $weburl . "\";\n\$accountid = " . $accountid . ";\n\$email = \"" . $email . "\";\n\n?>";
file_put_contents($file, $string);

/**
$fh = fopen($file, 'w');
fwrite($fh, $string);
fclose($fh);
*/

?>

nasaboy007 · 06-28-2009, 06:28 AM

sanitizing your input means that, for example, if the user were to put something like

Quote:

"; echo $password;

(very crude) into one of the text fields, your text file could look like this:
????: NamePros.com http://www.namepros.com/showthread.php?t=592866

Quote:

<?php
$weburl = "";
echo $password;
$accountid = "12345";
$email = "usersemail@anymailaddress.com";
?>

And so when you put this into another script (for the variables), PHP will think that you actually wanted to display the variable "$password", and so it will show it.

Gene · 06-28-2009, 06:33 AM

I see. Thank you both for your valuable input. Do you have any suggestions on how to accomplish this in a better, more secure way (without using MySQL)?

nasaboy007 · 06-28-2009, 02:14 PM

honestly, (if the way i understand it is correct), it may not matter that much. if you are selling a website to a client, then sending that client to a portal page where they will input the information that they want (login/info/accountid), i assume that your clients can be trusted (to the point where COMPLETE sanitization shouldn't be necessary) and that will never be edited/populated again (once it is initially set).

i suggest just making sure that magic quotes are enabled in PHP (put <?php phpinfo(); ?> in a php file and go to it on your server, it'll show the config of your server. look for the enable_magic_quotes (or something w/ magic quotes in it) and make sure it's enabled).

Gene · 06-28-2009, 02:45 PM

Originally Posted by nasaboy007

honestly, (if the way i understand it is correct), it may not matter that much. if you are selling a website to a client, then sending that client to a portal page where they will input the information that they want (login/info/accountid), i assume that your clients can be trusted (to the point where COMPLETE sanitization shouldn't be necessary) and that will never be edited/populated again (once it is initially set).

i suggest just making sure that magic quotes are enabled in PHP (put <?php phpinfo(); ?> in a php file and go to it on your server, it'll show the config of your server. look for the enable_magic_quotes (or something w/ magic quotes in it) and make sure it's enabled).

Thanks for that information. The clients upload all the files to their own hosting account, and they are the only one(s) using the form (which is password protected) to set up the site or to modify it in the future. So, the magic quotes thing may or may not exist on their hosting account.

nasaboy007 · 06-29-2009, 01:36 PM

The way Eric edited it makes it more secure (since you're validating the input). You shouldn't need to worry about sanitizing the data as much, now.

Also, thanks for showing me filter_var, Eric. I had no idea that existed and I've always HATED having to use regexp to validate things. Rep+

Eric · 06-29-2009, 03:11 PM

Originally Posted by nasaboy007

The way Eric edited it makes it more secure (since you're validating the input). You shouldn't need to worry about sanitizing the data as much, now.

Also, thanks for showing me filter_var, Eric. I had no idea that existed and I've always HATED having to use regexp to validate things. Rep+

Thanks for the rep. and no problem

PHP 5 has some awesome features

Gene · 06-29-2009, 03:22 PM

Thanks again to both of you. I guess I've repped you both too much in the past so can't do it again yet, but I sincerely appreciate your help.

06-27-2009, 04:33 PM	THREAD STARTER #1 (permalink)
Gene DomainersUniversity.com Join Date: Feb 2005 Location: Oswego, NY Posts: 4,735 Follow @GenePimentel	Write FORM data to text file? I'd like to create a form with 3 fields, which will take the contents of each of the 3 fields and store them in a text file. ============================================== Form ============================================== Enter Website URL Here: [_________________] ????: NamePros.com http://www.namepros.com/programming/592866-write-form-data-to-text-file.html Enter Account ID# Here: [_________________] Enter Email Address Here: [_________________] [ SUBMIT ] ============================================== When the user submits that form, the information gets written to a text file containing only this: ============================================== Text file named info.inc ============================================== <?php $weburl = "WebSiteName.com"; $accountid = "12345"; $email = "usersemail@anymailaddress.com"; ?> ============================================== Any time the user goes back to the form above and changes the data in any of the 3 fields, the text file will be overwritten accordingly. Note: The text file will have the CHMOD permission set to 644 so nobody else can write to it. Note: The form will be in a password protected folder. No help needed to create the form and password protected folder. I just need to know how to get the form SUBMIT to overwrite the text file to contain the new form data. Thanks! Gene __________________ . . Expired Domain Search -- ExpiredDomainBoss.com \| Sell Domain Names -- DomainProfitsClub.com -----------------------------------------------------------------------------------------------

06-28-2009, 06:33 AM	THREAD STARTER #7 (permalink)
Gene DomainersUniversity.com Join Date: Feb 2005 Location: Oswego, NY Posts: 4,735 Follow @GenePimentel	I see. Thank you both for your valuable input. Do you have any suggestions on how to accomplish this in a better, more secure way (without using MySQL)? __________________ . . Expired Domain Search -- ExpiredDomainBoss.com \| Sell Domain Names -- DomainProfitsClub.com -----------------------------------------------------------------------------------------------

06-28-2009, 02:14 PM	#8 (permalink)
nasaboy007 Senior Member Join Date: Jul 2005 Location: NJ Posts: 1,219	honestly, (if the way i understand it is correct), it may not matter that much. if you are selling a website to a client, then sending that client to a portal page where they will input the information that they want (login/info/accountid), i assume that your clients can be trusted (to the point where COMPLETE sanitization shouldn't be necessary) and that will never be edited/populated again (once it is initially set). i suggest just making sure that magic quotes are enabled in PHP (put <?php phpinfo(); ?> in a php file and go to it on your server, it'll show the config of your server. look for the enable_magic_quotes (or something w/ magic quotes in it) and make sure it's enabled). __________________ Hacksar.com - Your source for random computer tips and tricks! MySiteMemberships.com - Keep track of your site registration information! Like my post? Rep is appreciated!

06-29-2009, 01:36 PM	#10 (permalink)
nasaboy007 Senior Member Join Date: Jul 2005 Location: NJ Posts: 1,219	The way Eric edited it makes it more secure (since you're validating the input). You shouldn't need to worry about sanitizing the data as much, now. Also, thanks for showing me filter_var, Eric. I had no idea that existed and I've always HATED having to use regexp to validate things. Rep+ __________________ Hacksar.com - Your source for random computer tips and tricks! MySiteMemberships.com - Keep track of your site registration information! Like my post? Rep is appreciated!

06-29-2009, 03:22 PM	THREAD STARTER #12 (permalink)
Gene DomainersUniversity.com Join Date: Feb 2005 Location: Oswego, NY Posts: 4,735 Follow @GenePimentel	Thanks again to both of you. I guess I've repped you both too much in the past so can't do it again yet, but I sincerely appreciate your help. __________________ . . Expired Domain Search -- ExpiredDomainBoss.com \| Sell Domain Names -- DomainProfitsClub.com -----------------------------------------------------------------------------------------------

06-27-2009, 09:09 PM	#2 (permalink)
Eric Senior Member Join Date: Mar 2005 Posts: 4,948	Just curious, why not use a MySQL database? Would be easier to work with and IMHO more secure

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Portfolio 4 Sale/Trade Category-Killers, Adult, Traffic, Aged, LLL, LLLLL, Dictionary	Archangel	Domains For Sale - Make Offer	1	05-20-2009 05:18 PM
I'll pay $25 to code up a contact form with a php file	helloypi	Web Development Wanted	7	01-05-2008 01:31 AM
Need help in reading from a text file in VB	mattonline	Programming	3	07-02-2007 08:33 AM
Text file retrieval	Alpha	Programming	2	08-15-2003 01:23 AM