billyblaxsta Posted August 4, 2011 Share Posted August 4, 2011 My knowledge of PHP is basically nonexistent (yes I am embarrassed about this) which is why this script does not work. I want to take two variables (variable1 and variable2) submitted by a client and then have the file (hello.txt) saved on the host. But nothing saves. If I add some HTML redirect script then it will redirect to that page - but, as mentioned, nothing saves onto the host. <?php $xxx = ($_POST['variable1']); $yyy = ($_POST['variable2']); $stuff = $xxx . " -- " . $yyy; $filed = @fopen("hello.txt", "a+"); @fwrite($filed, "$stuff"); @fclose($filed); } ?> [some HTML redirect code here] Quote Link to comment Share on other sites More sharing options...
Sparda Posted August 4, 2011 Share Posted August 4, 2011 The @ symbols are suppressing errors, remove them. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted August 4, 2011 Share Posted August 4, 2011 Try this!!!!! <?php $myFile = "hello.txt"; $xxx = ($_POST['variable1']); $yyy = ($_POST['variable2']); $stuff = $xxx ."--". $yyy; $filed = fopen($myFile, 'w') or die("can't open file"); fwrite($filed, $stuff); fclose($filed); } ?> Quote Link to comment Share on other sites More sharing options...
MRGRIM Posted August 5, 2011 Share Posted August 5, 2011 My guess, is file permissions on your web server. Quote Link to comment Share on other sites More sharing options...
billyblaxsta Posted August 5, 2011 Author Share Posted August 5, 2011 Try this!!!!! <?php $myFile = "hello.txt"; $xxx = ($_POST['variable1']); $yyy = ($_POST['variable2']); $stuff = $xxx ."--". $yyy; $filed = fopen($myFile, 'w') or die("can't open file"); fwrite($filed, $stuff); fclose($filed); } ?> Thanks - that worked great. I just had to add an '{' before the $xxx I'm just wondering how to add to the hello.txt file each time a new xxx and yyy variable is entered in the text boxes. At the moment hello.txt overwrites the previous entry with the newer ones. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted August 6, 2011 Share Posted August 6, 2011 (edited) You need to replace the W for write with A for append Before $filed = fopen($myFile, 'w') or die("can't open file"); After $filed = fopen($myFile, 'a') or die("can't open file"); If you get stuck, may I suggest you to read this tutorial. http://www.tizag.com/phpT/fileappend.php Edited August 6, 2011 by Infiltrator Quote Link to comment Share on other sites More sharing options...
Hyperant Posted August 13, 2011 Share Posted August 13, 2011 <?php $xxx = ($_POST['variable1']); $yyy = ($_POST['variable2']); $stuff = $xxx . " -- " . $yyy; $filed = @fopen("hello.txt", "a+"); @fwrite($filed, "$stuff"); @fclose($filed); } ?> Thanks - that worked great. I just had to add an '{' before the $xxx Just a note on the code you originally posted. There wasnt actually anything wrong with the original code. The problem was that you have a } at the end of the code and not a opening bracket ( { ) this is why php was erroring out and why adding a { above the $xxx var fixed the problem, as it could match the closing } to a opening { as your code isnt actually inside a function or an if statement or something like that you dont actually need to place the code around { } so with that said i take it the code you have now looks like <?php { $xxx = ($_POST['variable1']); $yyy = ($_POST['variable2']); $stuff = $xxx . " -- " . $yyy; $filed = @fopen("hello.txt", "a+"); @fwrite($filed, "$stuff"); @fclose($filed); } ?> and if you changed it to <?php $xxx = ($_POST['variable1']); $yyy = ($_POST['variable2']); $stuff = $xxx . " -- " . $yyy; $filed = @fopen("hello.txt", "a+"); @fwrite($filed, "$stuff"); @fclose($filed); ?> You should find that it still works, notice how the second one doesn't have a { and } You use curly brackets to group statements together, so for example if we have an if statment and we want to execute 10lines of code withing this if statement then we would rap that code around brackets if(condition) { code code code } This tells php that anything we have placed inside those brackets needs to be executed only if we come inside the if statement. Otherwise the system will ignore all the statements inside those brackets. I suggest you pick up a book on the basics of php and start reading up on the basics of programming, you dont need to read php actually get an understanding on what the brackets mean and are used for, c/c++ uses them the same, so does javascript, etc.. the list is endless ;) Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted August 13, 2011 Share Posted August 13, 2011 A book or the Internet, there are great tutorials out there w3c schools for instance has great tutorials on PHP. I used that website a lot, when I was learning PHP, plus even the PHP official website, has plenty of examples and explanations. Quote Link to comment Share on other sites More sharing options...
justapeon Posted August 18, 2011 Share Posted August 18, 2011 That is what is so fun about programming. You can do it so many ways and do it the way you prefer. <?php // Get data and write it to file $data_file = "wmfb.dat"; $fp = fopen($data_file, "a"); fwrite($fp, "Username: "); fwrite($fp, $_POST[name]); fwrite($fp, "\n"); fwrite($fp, "Email address: "); fwrite($fp, $_POST[email]); fwrite($fp, "\n"); fwrite($fp, "Comment:\n"); fwrite($fp, $_POST[comment]); fwrite($fp, "\n"); fwrite($fp, "-------------------------------------"); fwrite($fp, "\n"); fclose($fp); // Let user know save is done and give a chance to go back to main page header("Location: http://www.softserv.com/thankyou1.php"); ?> Quote Link to comment Share on other sites More sharing options...
int0x80 Posted August 21, 2011 Share Posted August 21, 2011 The @ symbols are suppressing errors, remove them. This. Also check out the error reporting functionality in PHP: http://goo.gl/abxwF <?php // Report all PHP errors error_reporting(E_ALL); ... Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted August 21, 2011 Share Posted August 21, 2011 (edited) This. Also check out the error reporting functionality in PHP: http://goo.gl/abxwF <?php // Report all PHP errors error_reporting(E_ALL); ... There is also a section in the PHP config file, that you can enable the reporting of all errors. Edited August 21, 2011 by Infiltrator Quote Link to comment Share on other sites More sharing options...
xero Posted June 14, 2012 Share Posted June 14, 2012 (edited) i also need to stress testing/checking the contents of your vars before using them! do not trust anything that comes from a user. take a look at the php filter var command http://php.net/manual/en/function.filter-var.php for me i like to know what vars are clean an what's potentially tainted. so i create an array called 'clean' and i put my test vars in that. here's a *REALLY BASIC* example of that workflow... <html> <head><title>var cleaning test</title></head> <style type="text/css"> body { background: #000; color: #fff; } h3 { color: #ff0000; } .row { display: block; padding: 2px; clear: both; } .row .lbl { display: block; float: left; width: 150px; height: 25px; padding: 2px; margin-right: 2px; } .row .inputs { display: block; float: left; width: 200px; min-height: 25px; height: auto; padding: 2px; } </style> <body> <h1>form cleaning test</h1> <form method="POST" action="http://<?php echo $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; ?>"> <div class="row"> <div class="lbl">string</div> <div class="inputs"> <input type="text" name="txtString" value="" /> </div> </div> <div class="row"> <div class="lbl">email</div> <div class="inputs"> <input type="text" name="txtEmail" value="" /> </div> </div> <div class="row"> <div class="lbl">url</div> <div class="inputs"> <input type="text" name="txtUrl" value="" /> </div> </div> <div class="row"> <div class="lbl">number</div> <div class="inputs"> <input type="text" name="txtNumber" value="" /> </div> </div> <div class="row"> <div class="lbl"></div> <div class="inputs"> <input type="submit" name="btnTest" value=" test " /> </div> </div> </form> <br/><br/> <?php //---if post is sent if($_POST) { //---create vars $error = ''; $clean = array(); //---test our variables if(filter_var($_POST['txtString'], FILTER_SANITIZE_STRING)) { $clean['txtString'] = filter_var($_POST['txtString'], FILTER_SANITIZE_STRING); //---or perhaps use FILTER_SANITIZE_SPECIAL_CHARS } else { $error .= '<h3>txtString value is not a string</h3>'; } if(filter_var($_POST['txtEmail'], FILTER_VALIDATE_EMAIL)) { $clean['txtEmail'] = filter_var($_POST['txtEmail'], FILTER_SANITIZE_EMAIL); } else { $error .= '<h3>txtEmail value is not a valid email address</h3>'; } if(filter_var($_POST['txtUrl'], FILTER_VALIDATE_URL)) { $clean['txtUrl'] = filter_var($_POST['txtUrl'], FILTER_SANITIZE_URL); } else { $error .= '<h3>txtUrl value is not a valid url</h3>'; } if(filter_var($_POST['txtNumber'], FILTER_VALIDATE_INT)) { $clean['txtNumber'] = filter_var($_POST['txtNumber'], FILTER_VALIDATE_INT); } else { $error .= '<h3>txtNumber value is not a number</h3>'; } //---display results if($error == '') { echo 'everything looks good!<pre>'.print_r($clean, true).'</pre>'; } else { echo $error; } } ?> </body> </html> gotta give credit on this one... chris shiflett is my php security guru. check out his awesome blog for lots more security related info. (kinda cross platform) Edited June 14, 2012 by xero Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.