Jump to content

Basic Php Question - Cannot Save Variables.


billyblaxsta
 Share

Recommended Posts

My knowledge of PHP is basically nonexistent (yes I am embarrassed about this) which is why this script does not work.

I want to take two variables (variable1 and variable2) submitted by a client and then have the file (hello.txt) saved on the host.

But nothing saves. If I add some HTML redirect script then it will redirect to that page - but, as mentioned, nothing saves onto the host.

<?php

$xxx = ($_POST['variable1']);

$yyy = ($_POST['variable2']);

$stuff = $xxx . " -- " . $yyy;

$filed = @fopen("hello.txt", "a+");

@fwrite($filed, "$stuff");

@fclose($filed);

}

?>

[some HTML redirect code here]

Link to comment
Share on other sites

Try this!!!!!

&lt;?php

$myFile = "hello.txt";

$xxx = ($_POST['variable1']);
$yyy = ($_POST['variable2']);

$stuff = $xxx ."--". $yyy;


$filed = fopen($myFile, 'w') or die("can't open file");
fwrite($filed, $stuff);
fclose($filed);


}
?&gt;

Link to comment
Share on other sites

Try this!!!!!

&lt;?php

$myFile = "hello.txt";

$xxx = ($_POST['variable1']);
$yyy = ($_POST['variable2']);

$stuff = $xxx ."--". $yyy;


$filed = fopen($myFile, 'w') or die("can't open file");
fwrite($filed, $stuff);
fclose($filed);


}
?&gt;

Thanks - that worked great. I just had to add an '{' before the $xxx

I'm just wondering how to add to the hello.txt file each time a new xxx and yyy variable is entered in the text boxes. At the moment hello.txt overwrites the previous entry with the newer ones.

Link to comment
Share on other sites

You need to replace the W for write with A for append

Before

$filed = fopen($myFile, 'w') or die("can't open file");

After

$filed = fopen($myFile, 'a') or die("can't open file");

If you get stuck, may I suggest you to read this tutorial.

http://www.tizag.com/phpT/fileappend.php

Edited by Infiltrator
Link to comment
Share on other sites

&lt;?php
	$xxx = ($_POST['variable1']);
	$yyy = ($_POST['variable2']);

	$stuff = $xxx . "  --  " . $yyy;

	$filed = @fopen("hello.txt", "a+");
	@fwrite($filed, "$stuff");
	@fclose($filed);
}
?&gt;

Thanks - that worked great. I just had to add an '{' before the $xxx

Just a note on the code you originally posted. There wasnt actually anything wrong with the original code. The problem was that you have a } at the end of the code and not a opening bracket ( { ) this is why php was erroring out and why adding a { above the $xxx var fixed the problem, as it could match the closing } to a opening { as your code isnt actually inside a function or an if statement or something like that you dont actually need to place the code around { } so with that said i take it the code you have now looks like

&lt;?php
	{
		$xxx = ($_POST['variable1']);
		$yyy = ($_POST['variable2']);

		$stuff = $xxx . "  --  " . $yyy;

		$filed = @fopen("hello.txt", "a+");
		@fwrite($filed, "$stuff");
		@fclose($filed);
	}
?&gt;

and if you changed it to

&lt;?php
	$xxx = ($_POST['variable1']);
	$yyy = ($_POST['variable2']);

	$stuff = $xxx . "  --  " . $yyy;

	$filed = @fopen("hello.txt", "a+");
	@fwrite($filed, "$stuff");
	@fclose($filed);
?&gt;

You should find that it still works, notice how the second one doesn't have a { and }

You use curly brackets to group statements together, so for example if we have an if statment and we want to execute 10lines of code withing this if statement then we would rap that code around brackets

if(condition) {

code

code

code

}

This tells php that anything we have placed inside those brackets needs to be executed only if we come inside the if statement. Otherwise the system will ignore all the statements inside those brackets. I suggest you pick up a book on the basics of php and start reading up on the basics of programming, you dont need to read php actually get an understanding on what the brackets mean and are used for, c/c++ uses them the same, so does javascript, etc.. the list is endless ;)

Link to comment
Share on other sites

A book or the Internet, there are great tutorials out there w3c schools for instance has great tutorials on PHP. I used that website a lot, when I was learning PHP, plus even the PHP official website, has plenty of examples and explanations.

Link to comment
Share on other sites

That is what is so fun about programming. You can do it so many ways and do it the way you prefer.

&lt;?php

// Get data and write it to file

$data_file = "wmfb.dat";
$fp = fopen($data_file, "a");
fwrite($fp, "Username: ");
fwrite($fp, $_POST[name]);
fwrite($fp, "\n");
fwrite($fp, "Email address: ");
fwrite($fp, $_POST[email]);
fwrite($fp, "\n");
fwrite($fp, "Comment:\n");
fwrite($fp, $_POST[comment]);
fwrite($fp, "\n");
fwrite($fp, "-------------------------------------");
fwrite($fp, "\n");
fclose($fp);

// Let user know save is done and give a chance to go back to main page
header("Location: http://www.softserv.com/thankyou1.php");
?&gt;

Link to comment
Share on other sites

This. Also check out the error reporting functionality in PHP: http://goo.gl/abxwF

&lt;?php

// Report all PHP errors
error_reporting(E_ALL);

...

There is also a section in the PHP config file, that you can enable the reporting of all errors.

Edited by Infiltrator
Link to comment
Share on other sites

  • 9 months later...

i also need to stress testing/checking the contents of your vars before using them!

do not trust anything that comes from a user.

take a look at the php filter var command

http://php.net/manual/en/function.filter-var.php

for me i like to know what vars are clean an what's potentially tainted.

so i create an array called 'clean' and i put my test vars in that.

here's a *REALLY BASIC* example of that workflow...

&lt;html&gt;
&lt;head&gt;&lt;title&gt;var cleaning test&lt;/title&gt;&lt;/head&gt;
&lt;style type="text/css"&gt;
body {
	background: #000;
	color: #fff;
}
h3 {
	color: #ff0000;
}
.row {
  display: block;
  padding: 2px;
  clear: both;
}
.row .lbl {
  display: block;
  float: left;
  width: 150px;
  height: 25px;
  padding: 2px;
  margin-right: 2px;
}
.row .inputs {
  display: block;
  float: left;
  width: 200px;
  min-height: 25px;
  height: auto;
  padding: 2px;
}
&lt;/style&gt;
&lt;body&gt;

&lt;h1&gt;form cleaning test&lt;/h1&gt;
&lt;form method="POST" action="http://&lt;?php  echo $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; ?&gt;"&gt;
&lt;div class="row"&gt;
	&lt;div class="lbl"&gt;string&lt;/div&gt;
	&lt;div class="inputs"&gt;
		&lt;input type="text" name="txtString" value="" /&gt; 
	&lt;/div&gt;
&lt;/div&gt;
&lt;div class="row"&gt;
	&lt;div class="lbl"&gt;email&lt;/div&gt;
	&lt;div class="inputs"&gt;
		&lt;input type="text" name="txtEmail" value="" /&gt; 
	&lt;/div&gt;
&lt;/div&gt;
&lt;div class="row"&gt;
	&lt;div class="lbl"&gt;url&lt;/div&gt;
	&lt;div class="inputs"&gt;
		&lt;input type="text" name="txtUrl" value="" /&gt; 
	&lt;/div&gt;
&lt;/div&gt;
&lt;div class="row"&gt;
	&lt;div class="lbl"&gt;number&lt;/div&gt;
	&lt;div class="inputs"&gt;
		&lt;input type="text" name="txtNumber" value="" /&gt; 
	&lt;/div&gt;
&lt;/div&gt;
&lt;div class="row"&gt;
	&lt;div class="lbl"&gt;&lt;/div&gt;
	&lt;div class="inputs"&gt;
		&lt;input type="submit" name="btnTest" value=" test " /&gt; 
	&lt;/div&gt;
&lt;/div&gt;
&lt;/form&gt;
&lt;br/&gt;&lt;br/&gt;
&lt;?php

//---if post is sent
if($_POST) {
	//---create vars
	$error = '';
	$clean = array();

	//---test our variables
	if(filter_var($_POST['txtString'], FILTER_SANITIZE_STRING)) {
		$clean['txtString'] = filter_var($_POST['txtString'], FILTER_SANITIZE_STRING);
		//---or perhaps use FILTER_SANITIZE_SPECIAL_CHARS
	} else {
		$error .= '&lt;h3&gt;txtString value is not a string&lt;/h3&gt;';
	}
	if(filter_var($_POST['txtEmail'], FILTER_VALIDATE_EMAIL)) {
		$clean['txtEmail'] = filter_var($_POST['txtEmail'], FILTER_SANITIZE_EMAIL);
	} else {
		$error .= '&lt;h3&gt;txtEmail value is not a valid email address&lt;/h3&gt;';
	}
	if(filter_var($_POST['txtUrl'], FILTER_VALIDATE_URL)) {
		$clean['txtUrl'] = filter_var($_POST['txtUrl'], FILTER_SANITIZE_URL);
	} else {
		$error .= '&lt;h3&gt;txtUrl value is not a valid url&lt;/h3&gt;';
	}
	if(filter_var($_POST['txtNumber'], FILTER_VALIDATE_INT)) {
		$clean['txtNumber'] = filter_var($_POST['txtNumber'], FILTER_VALIDATE_INT);
	} else {
		$error .= '&lt;h3&gt;txtNumber value is not a number&lt;/h3&gt;';
	}
	//---display results
	if($error == '') {
		echo 'everything looks good!&lt;pre&gt;'.print_r($clean, true).'&lt;/pre&gt;';
	} else {
		echo $error;
	}
}
?&gt;

&lt;/body&gt;
&lt;/html&gt;

gotta give credit on this one...

chris shiflett is my php security guru. check out

his awesome blog for lots more security related info. (kinda cross platform)

Edited by xero
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...