SitePoint Sponsor

User Tag List

Results 1 to 16 of 16
  1. #1
    SitePoint Enthusiast
    Join Date
    Dec 2003
    Location
    Washington State
    Posts
    35
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Flat File overwritting

    This code appends to a flat file fine, but I want to over write the file. How would I do this?

    Code:
    <?php 
    $fs = fopen( $_POST["file"], "a+" ) or die("error when opening the file");
    fwrite($fs, $_POST["contents"]);
    fclose($fs);
    echo "Edit was successfull";
    exit(0);
    ?>
    Thanks

  2. #2
    $this->toCD-R(LP); vinyl-junkie's Avatar
    Join Date
    Dec 2003
    Location
    Federal Way, Washington (USA)
    Posts
    1,526
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Add this to the beginning of your code:
    Code:
    @unlink($_POST["file"]);
    If the file doesn't exist, nothing will happen - no error message. If it does, the above code will delete it.
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more
    Showcase your music collection on the Web

  3. #3
    SitePoint Enthusiast
    Join Date
    Dec 2003
    Location
    Washington State
    Posts
    35
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    that worked well except I get \\\
    Code:
    <li type=\\\"square\\\"><SMALL><b>CALLRN Certified Assisted Living Locators</b><br><a href=\\\"http://www.certifiedassistedlivinglocators.com/\\\" target=\\\"_blank\\\">http://www.certifiedassistedlivinglocators.com/</a><br>A Registered Nurse Professional Placement Agency</SMALL></li>
    any idea why? I'm thinking maybe something like this should be in there somewhere but not sure where?

    Code:
    $file = htmlspecialchars(stripslashes(Stripn($file)));
    Thanks

  4. #4
    SitePoint Zealot devscripts's Avatar
    Join Date
    Sep 2004
    Location
    ur monitor
    Posts
    175
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    stripslashes($_POST["contents"]) before writing.

    also note:

    fopen() with +a switch means . Open for reading and writing; place the file pointer at the end of the file. If the file does not exist, attempt to create it.

    and u can open it for writing only..... with
    fopen($_POST["file"], "w" ) .... where w stands for.......

    Open for writing only; place the file pointer at the beginning of the file and truncate the file to zero length. If the file does not exist, attempt to create it.
    "None of you [truly] believes until he wishes for his brother what he wishes for himself." By The one and Only Prophet Mohammed (Peace and blessings be upon him)

  5. #5
    SitePoint Enthusiast
    Join Date
    Dec 2003
    Location
    Washington State
    Posts
    35
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ok now all I get is one \ for every " instead of \\\" ... getting closer

    I changed the a+ to w since I'm only writing to or overwritting the file

    You lost me on place the file pointer at begining or end and truncate the file to zero length? Sorry

    Thanks much for your help to date.

  6. #6
    $this->toCD-R(LP); vinyl-junkie's Avatar
    Join Date
    Dec 2003
    Location
    Federal Way, Washington (USA)
    Posts
    1,526
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Read this for an explanation of all the parameters in the fopen() statement.

    As to the problem with the extra slash, try this:
    Code:
    $file=eregi_replace("\","","$file");
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more
    Showcase your music collection on the Web

  7. #7
    SitePoint Zealot devscripts's Avatar
    Join Date
    Sep 2004
    Location
    ur monitor
    Posts
    175
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    "Open for writing only; place the file pointer at the beginning of the file and truncate the file to zero length. If the file does not exist, attempt to create it." is the description of what it means to use "w" switch on the fopen() commands... got from php.net http://uk.php.net/fopen

    basically u r teling php.... open the file... like you would open a file.txt, delete all the text that is there, and start writing. after putting the pointer at the beginning of the file.. as u wud in notepad.... this is what it means. its the description of the "w" switch plz go to the url i gave to get clear info.

    thanks. any more help just ask alright?..
    "None of you [truly] believes until he wishes for his brother what he wishes for himself." By The one and Only Prophet Mohammed (Peace and blessings be upon him)

  8. #8
    SitePoint Enthusiast
    Join Date
    Oct 2004
    Location
    Australia
    Posts
    84
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Exclamation

    Quote Originally Posted by DS51
    ok now all I get is one \ for every " instead of \\\" ... getting closer

    I changed the a+ to w since I'm only writing to or overwritting the file

    You lost me on place the file pointer at begining or end and truncate the file to zero length? Sorry

    Thanks much for your help to date.
    Using w will place the file pointer at the beginning of the file and overwrite anything that's in the file. Effectively the same as deleting the file but without actually removing the filename.

    If you want a bit of security advice. Don't ever open a file from a variable submitted by the user. Could you image if you had this line:

    $fp = fopen("/etc/passwd","r+");
    fpassthru($fp);

    Anybody now can read your passwd file. Things would be even worse if you write to the file and the permissions aren't set properly.

    Validate the user input instead...eg:

    switch($_POST['file'])
    {
    case 'file1': $filename = 'file1.txt'; break;
    case 'file2': $filename = 'file2.txt'; break;
    default: $filename = 'default.txt'; break;
    }
    $fp = fopen($filename, "r");

    I know it seems tedious to write all this but it'll catch a hacker putting the name of the php script and destroying it or even worse something that your system depends on.

  9. #9
    SitePoint Enthusiast
    Join Date
    Dec 2003
    Location
    Washington State
    Posts
    35
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'll do some reading thank you for the info and explination.

    I tried the
    Code:
    $file=eregi_replace("\","","$file");
    and get an error

    Parse error: parse error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/designst/www/cas/Links/save.php on line 4

  10. #10
    $this->toCD-R(LP); vinyl-junkie's Avatar
    Join Date
    Dec 2003
    Location
    Federal Way, Washington (USA)
    Posts
    1,526
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Try this instead:
    Code:
    $file=eregi_replace("\","",$file);
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more
    Showcase your music collection on the Web

  11. #11
    SitePoint Enthusiast
    Join Date
    Dec 2003
    Location
    Washington State
    Posts
    35
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    so for each file i want to open and write to with this script I need to put the code you show at the top and ad a line to each file?

    Code:
    case 'file1': $filename = 'MYFILEHERE.txt'; break;

  12. #12
    SitePoint Enthusiast
    Join Date
    Dec 2003
    Location
    Washington State
    Posts
    35
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    still get parse error, unexpected '\"' using eregi_replace

    this is what I have and it seams to work fine except the \" problem.

    Code:
    <?php
    switch($_POST['file'])
    {
    case 'file1': $filename = 'ArizonaLinks.txt'; break;
    }
    @unlink($_POST["file"]);
    $fs = fopen( $_POST["file"], "w" ) or die("error when opening the file");
    stripslashes($_POST["contents"]);
    fwrite($fs, $_POST["contents"]);
    fclose($fs);
    echo "Edit was successfull";
    exit(0);
    ?>
    is this right ? do I need this line...
    default: $filename = 'default.txt'; break;
    and if so why?

    Thanks again

  13. #13
    $this->toCD-R(LP); vinyl-junkie's Avatar
    Join Date
    Dec 2003
    Location
    Federal Way, Washington (USA)
    Posts
    1,526
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    OK, forget what I told you to do. Try this instead:
    Code:
    $file = stripslashes($file);
    is this right ? do I need this line...
    default: $filename = 'default.txt'; break;
    and if so why?
    Yes, you need that. It sets a default value for your filename in case the user requested a filename that isn't on the "approved" list.

    BTW, the case structure is there to evaluate in case there is a range of filenames the user can request. It's there for security reasons. As utlk said, you don't want to assume that a user won't try to open and read a password file.

    It's that old "ounce of prevention" thing.
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more
    Showcase your music collection on the Web

  14. #14
    SitePoint Enthusiast
    Join Date
    Dec 2003
    Location
    Washington State
    Posts
    35
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I understand and fully agree and thank you both for pointing it out and explaining why. I figured I needed default.txt in and for the reasons you pointed out so i put it in and tried it, works just like it's suppose to.

    and this
    Code:
    $file = stripslashes($file);
    doesn't work

    guess I'll have to remove the " " from my code till I figure out what to do about it.

    seams as though
    Code:
    stripslashes($_POST["contents"]);
    works best but still adds \" for any "

  15. #15
    SitePoint Enthusiast
    Join Date
    Dec 2003
    Location
    Washington State
    Posts
    35
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I also tried this bit of code to strip the \ and get the same results as with one above

    Code:
    function Stripd($contents) 
    	{ 
    		$contents = str_replace("'", "''", $contents);
    		return $contents;
    	}
    $contents = htmlspecialchars(stripslashes(Stripd($contents)));

  16. #16
    $this->toCD-R(LP); vinyl-junkie's Avatar
    Join Date
    Dec 2003
    Location
    Federal Way, Washington (USA)
    Posts
    1,526
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, I'm not ready to give up yet. Do this prior to inserting your data into the database:
    Code:
    $contents = str_replace("'", "&quot;", $contents);
    When you retrieve the data for whatever you're going to do with it, do the reverse:
    Code:
    $contents = str_replace("&quot;", "'", $contents);
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more
    Showcase your music collection on the Web


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •