Welcome to WebmasterWorld Guest from 54.163.35.238

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

form info to text file

     

astounded

1:04 am on Mar 20, 2003 (gmt 0)

10+ Year Member



Thanks jatar for the excellent help a few months ago. I have been using Jack's formmail with a bit of php script you suggested to both send the form info by email, and also to insert it into a .txt file on the server. The code I put in was:

$writestring = "\"" . $name . "\",\"" . $phone . "\",\"" . $email . "\",\"" . $date . "\",\"" . $comments . "\"\r\n";

$filepointer = fopen("file-home.csv","a");
fwrite($filepointer,$writestring);
fclose($filepointer);

Now I have two questions:

1. Is this safe if hackers try to attack?

2. I need to know where the form originated. I have five businesses using five forms on five html pages. Each busienss has it's own server directory, and each directory has a form and index.html page set up just for that business. But, all the info from all the forms must go into the ONE .txt file. Is there an easy bit of code I could put in the form so it would automatically send a new field (business#1 for instance) so I would know where it was coming from. Ideally it would only go to the .txt file, and not in the email message. But I would live with it if "business#1" went to both email and .txt.

What I'm trying to end up with is a text file with:
name, phone, email, date, comments - all entered by the user
business#1 - last entry in the .txt file would be automatically entered and would show me from which web page or business the info orginated.

Thanks a bunch. I wouldn't have gotten this far without your help.

aaronc

1:23 am on Mar 20, 2003 (gmt 0)

10+ Year Member



1) Are you filtering out bad chars? Like if someone put in
aaron,"\r\n for the name value, what would happen to the script? It would screw up the formatting of your text file.

2) You could put a hidden field in your form to specify the business it's coming from.
<input type=hidden name=business value=business1>

astounded

1:28 am on Mar 20, 2003 (gmt 0)

10+ Year Member



No, I haven't done any filtering, and that's the kind of info I needed. What do you suggest on it? I'm a real neophyte at php.

Birdman

1:47 am on Mar 20, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



<input type="hidden" name="refer" value="<?=$_SERVER['HTTP_REFERER']?>" />

astounded

3:52 am on Mar 20, 2003 (gmt 0)

10+ Year Member



Since I stuck this piece of script into Jack's formmail, wouldn't all the security measure in Jack's also apply to the bit of script I have that sends form data to a .txt file?

astounded

4:25 pm on Mar 21, 2003 (gmt 0)

10+ Year Member



Birdman,

I've looked all over searching on the php sites for:

<input type="hidden" name="refer" value="<?=$_SERVER['HTTP_REFERER']?>" />

But I can't find it. What does it do? Do I have to change any variable in it, or just put it in the form as is?

jatar_k

4:49 pm on Mar 21, 2003 (gmt 0)

WebmasterWorld Administrator jatar_k is a WebmasterWorld Top Contributor of All Time 10+ Year Member



[php.net...]

'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

The from element, obviously, grabs it on load (if available) and writes it into the hidden value and sends it off to the processor.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month