Methods to secure data files

Using flat files to store data

         

Aleister

6:34 pm on May 16, 2006 (gmt 0)

10+ Year Member



A few of my scripts use flat files to store data. Generally I do this for simplicity, and for users who do not have access to MySQL. For larger projects I use databases of course.

There are a few problems with flat files though:

1) Users can view the data file directly - I am not talking about storing passwords or anything, but just email addresses, IPs of visitors, etc. The data file can easily be pulled up in a browser which is not always good.

2) Since the file must have write permission for data to be added by the script, it is possible for someone to append data to the file using alternate methods (besides the intended way).

I have been thinking of the best way to prevent these situations, and wanted to see if anyone had a method they wanted to share.

I know one solution is to store the data outside the public web space, but once again, not all users of the scripts have this option.

One way I was thinking about was to just give the data file a PHP extension and simply include the following code at the top (which would be skipped by the script when processing the data):

<?php exit();?>

Then to prevent data being appended, there could be a line which tells the script to stop processing the data - an 'end of data' marker. That way if anything is appended after that line, it would be ignored, and the script could even remove it.

I would be very interested to hear any other methods.

Thanks :)
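
The guard-line and end-of-data-marker idea described in the post above, as an added PHP example that is not part of the original thread. The file layout, the `#END-OF-DATA` marker text, the JSON-encoded records and all function names are assumptions made for illustration.

```php
<?php
// Added example; file layout and all names are assumptions, not the poster's code.
const GUARD    = '<?php exit();?>';  // line 1: a direct request executes this and emits nothing
const END_MARK = '#END-OF-DATA';     // assumed marker text; lines after it are untrusted

// Split raw file content into trusted record lines, or null if the layout is broken.
function parse_store(string $raw): ?array {
    $lines = explode("\n", rtrim($raw, "\n"));
    if ($lines[0] !== GUARD) return null;
    $end = array_search(END_MARK, $lines, true);
    if ($end === false) return null;           // no marker: truncated or rewritten file
    return array_slice($lines, 1, $end - 1);   // ignores anything appended after the marker
}

// Append one record under an exclusive lock and rewrite the file in canonical form,
// which also removes whatever was appended after the marker.
function add_record(string $path, array $record): bool {
    // JSON keeps the record on one line; JSON_HEX_TAG encodes < and > so stored
    // values can never contain a literal PHP open tag or imitate the guard line.
    $line = json_encode($record, JSON_HEX_TAG);
    if ($line === false) return false;
    $fh = fopen($path, 'c+');
    if ($fh === false) return false;
    if (!flock($fh, LOCK_EX)) { fclose($fh); return false; }
    $raw = (string) stream_get_contents($fh);
    $records = $raw === '' ? [] : parse_store($raw);
    if ($records === null) { fclose($fh); return false; }  // refuse to touch a malformed file
    $records[] = $line;
    $out = GUARD . "\n" . implode("\n", $records) . "\n" . END_MARK . "\n";
    ftruncate($fh, 0);
    rewind($fh);
    $ok = fwrite($fh, $out) === strlen($out);
    fflush($fh);
    flock($fh, LOCK_UN);
    fclose($fh);
    return $ok;
}

// Constructed demo: temp file, sample records, and a stray line appended after the marker.
$path = sys_get_temp_dir() . '/visitors_demo.php';
@unlink($path);
add_record($path, ['ip' => '203.0.113.7', 'email' => 'a@example.com']);
file_put_contents($path, "stray line added outside the script\n", FILE_APPEND);
add_record($path, ['ip' => '198.51.100.2', 'email' => 'b@example.com']);
print_r(parse_store(file_get_contents($path)));
```

The guard line works only where the server executes the file as PHP, and the marker covers lines appended after it, not edits made before it.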

eelixduppy

10:05 pm on May 16, 2006 (gmt 0)



Personally, if your users had the slightest chance that they could use a database, I would go with that.

coopster

11:34 pm on May 16, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



I would keep the document below the root where it is not publicly available and the script that modifies the document would require authentication prior to use.

Aleister

11:45 pm on May 16, 2006 (gmt 0)

10+ Year Member



I mentioned above that I am looking for methods that do not involve a database, and do not involve storing the file outside the public web space. :)

Thanks for replying though.

TypicalSurfer

12:59 am on May 17, 2006 (gmt 0)

10+ Year Member



htaccess

protect the directory the file is in (deny all but your IP)

use a dot > .textfile

Aleister

1:47 am on May 18, 2006 (gmt 0)

10+ Year Member



Ah yes.. I should have remembered that. Thanks :)