homepage Welcome to WebmasterWorld Guest from 54.196.168.78
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
form info to text file
astounded




msg:1301663
 1:04 am on Mar 20, 2003 (gmt 0)

Thanks jatar for the excellent help a few months ago. I have been using Jack's formmail with a bit of php script you suggested to both send the form info by email, and also to insert it into a .txt file on the server. The code I put in was:

$writestring = "\"" . $name . "\",\"" . $phone . "\",\"" . $email . "\",\"" . $date . "\",\"" . $comments . "\"\r\n";

$filepointer = fopen("file-home.csv","a");
fwrite($filepointer,$writestring);
fclose($filepointer);

Now I have two questions:

1. Is this safe if hackers try to attack?

2. I need to know where the form originated. I have five businesses using five forms on five html pages. Each busienss has it's own server directory, and each directory has a form and index.html page set up just for that business. But, all the info from all the forms must go into the ONE .txt file. Is there an easy bit of code I could put in the form so it would automatically send a new field (business#1 for instance) so I would know where it was coming from. Ideally it would only go to the .txt file, and not in the email message. But I would live with it if "business#1" went to both email and .txt.

What I'm trying to end up with is a text file with:
name, phone, email, date, comments - all entered by the user
business#1 - last entry in the .txt file would be automatically entered and would show me from which web page or business the info orginated.

Thanks a bunch. I wouldn't have gotten this far without your help.

 

aaronc




msg:1301664
 1:23 am on Mar 20, 2003 (gmt 0)

1) Are you filtering out bad chars? Like if someone put in
aaron,"\r\n for the name value, what would happen to the script? It would screw up the formatting of your text file.

2) You could put a hidden field in your form to specify the business it's coming from.
<input type=hidden name=business value=business1>

astounded




msg:1301665
 1:28 am on Mar 20, 2003 (gmt 0)

No, I haven't done any filtering, and that's the kind of info I needed. What do you suggest on it? I'm a real neophyte at php.

Birdman




msg:1301666
 1:47 am on Mar 20, 2003 (gmt 0)

<input type="hidden" name="refer" value="<?=$_SERVER['HTTP_REFERER']?>" />

astounded




msg:1301667
 3:52 am on Mar 20, 2003 (gmt 0)

Since I stuck this piece of script into Jack's formmail, wouldn't all the security measure in Jack's also apply to the bit of script I have that sends form data to a .txt file?

astounded




msg:1301668
 4:25 pm on Mar 21, 2003 (gmt 0)

Birdman,

I've looked all over searching on the php sites for:

<input type="hidden" name="refer" value="<?=$_SERVER['HTTP_REFERER']?>" />

But I can't find it. What does it do? Do I have to change any variable in it, or just put it in the form as is?

jatar_k




msg:1301669
 4:49 pm on Mar 21, 2003 (gmt 0)

[php.net...]

'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

The from element, obviously, grabs it on load (if available) and writes it into the hidden value and sends it off to the processor.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved