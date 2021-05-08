droopsnoot: droopsnoot: Text file, presumably.

As droopsnoot mentions, files are pretty much your only alternative for a permanent storage of the user data. However, files open you up to potential security risks and implications that you would be better off avoiding by just using a database. These include…

Making sure the file cannot be read by any other “unauthorized” application or ever accessible by the public They are traditionally slower, especially when the file gets larger. They are also not typically well suited for multiple processes to access the file at the same time (if one user is signing up and writing to the file, the user trying to login may have problems reading the file and cause the app to crash)… that or they may read the file and it may not be accurate since it is not taking into account the other app writing to it.

All of these reasons is why databases are usually superior. They can be secured and protected by passwords and other applications, they are highly optimized to be efficient and they often have various locking mechanisms that work well with numerous users accessing it at the same time.

If, after all these reasons and comments by the other experts doesn’t sway you to just learn databases, at least do a few of the following with your file…

Make sure the file is not stored inside the web root of your site. PHP can reach files that are up and outside of its web directory. Be sure that all passwords are hashed with a strong hashing algorithm (not something like MD5). Design your application with the idea that the file may not always be available or accessible. If the file gets over a few megabytes, I would then strongly recommend going to a database since that file will take longer and longer to read. PHP could even burn up a lot of memory and time trying to read it.

