Writing to a file in PHP to create a comment section issues

So today I decided I would like to add a comment section to my website to receive feedback. Since I am still learning about databases in the meantime I decided to go with writing to a text file as a temporary place holder for the comment section. Even though just like databases I did not know how to do it I did find a youtube tutorial which seemed great. It was simple, to the point and the person described each thing as they went along. I created the two files the one with the php and the html and the blank html file to be written to. The issue is it is not working as upon posting it does not print the comment and the name entered anywhere.

Is there something supposed to be in the black html file that it is writing to even though the author said it was supposed to be left blank or am I screwing something up in my code? The tutorial is several years old so maybe that is a problem too although 4 months ago someone did comment saying it had worked. Another potential issue I can think of is maybe the server I am trying to upload it to but I doubt it.

Here is my code:

<?php
if($_POST) {
    $name = $_POST['name'];
    $content = $_POST['commentContent'];
    $handle = fopen("comments.html","a");
    fwrite($handle,"<b>" . $name . "</b>:<br/>" . $content . "<br/>");
    fclose($handle);
    
}
?>

<html>
    <head>
        
    </head>
    <body>
        <form action = "" method = "POST">
        Name: <input type = "text" name = "name"><br/>
        Comment: <textarea rows = "10" cols = "30" name = "commentContent"></textarea><br/>
        <input type = "submit" value = "Post"><br/>
        </form>
        <?php include "comments.html"; ?>
    </body>
</html>

And I have the blank comments.html file.

Try this script:

<?php
declare(strict_types=1); // PHP7 ONLY otherwise gives warning 
ini_set('html_errors', 'true');
ini_set('display_errors', 'true');
ini_set('display_startup_errors', 'true');
error_reporting(-1);


if($_POST)
{
  $name     = $_POST['name'];
  $content  = $_POST['commentContent'];
  $handle   = fopen("comments.html","a");
  fwrite($handle,"<b>" . $name . "</b>:<br/>" . $content . "<br/>");
  fclose($handle);
}

?>
<doctype html>
<html lang="en">
    <head>
        <title> Title goes here </title>
    </head>
    <body>
        <form action = "" method = "POST">
        Name: <input type = "text" name = "name"><br/>
        Comment: <textarea rows = "10" cols = "30" name = "commentContent"></textarea><br/>
        <input type = "submit" value = "Post"><br/>
        </form>
        <?php include "comments.html"; ?>
    </body>
</html>

Edit:
Spelling is not my forty

I tried it but I receive just a black white webpage with nothing showing. No errors nothing just a black page.

Appears as though there is a problem with you PHP.ini file setting.

Try this and see it cures the blank page, if it does gradually add the remaining script until the blank page appears agan.

<?php
declare(strict_types=1);
ini_set('html_errors', 'true');
ini_set('display_errors', 'true');
ini_set('display_startup_errors', 'true');
error_reporting(-1);
echo 'file: error_log ==> ' .ini_get('error_log');
die;

/*
ini_set('html_errors', 'true');
ini_set('display_errors', 'true');
ini_set('display_startup_errors', 'true');
error_reporting(-1);
*/

In honesty, I think you would be better off completing your learning on databases and using one.

If learning databases or any php, this is something to be wary of. If the DB tutorial is not using prepared statements, or is using mysql, as opposed to mysqli or PDO, then avoid it like the plague.
Which brings me to a few points in your current script which could be improved upon.

You should be using a more robust method to check for a form submission. Instead use:-

if($_SERVER['REQUEST_METHOD'] === 'POST'){

Another very important consideration is security. Any user input should be validated and sanitised.
If writing the input to a file like that, you can simply escape it with htmlspecialchars:-

fwrite($handle,"<b>" . htmlspecialchars($name) . "</b>:<br/>" . htmlspecialchars($content) . "<br/>");

Or do it at this stage, as these two lines as they are, are somewhat redundant:-

$name = htmlspecialchars($_POST['name']);
$content = htmlspecialchars($_POST['commentContent']);

Otherwise you are wide open to script injection.

Normally, using a database, I would escape on retrieval of the data, but since you are writing to an html file, it makes sense to do it there.

Thank you for all of the suggestions and I will be using a database but my site is up and in the meantime I want a temporary way to add comments for feedback because with databases I plan on doing a login and comment section and tying them together, etc. Of course I am still getting a black white screen with this so it isn’t going too well.

It still returns the blank screen like just that returns a blank screen.

AHA! I got errors showing using just

ini_set('display_errors',1); 
error_reporting(E_ALL);

I have a permission denied error which is the most worrying and a expected boolean error. Here are my errors:

Warning: fopen(comments.html): failed to open stream: Permission denied in \VSFILE07\STUDENTS-M-R\MARTIN.MCNICHOLAS\WEB\scriptingfortheweb\loginmain.php on line 11

Warning: fwrite() expects parameter 1 to be resource, boolean given in \VSFILE07\STUDENTS-M-R\MARTIN.MCNICHOLAS\WEB\scriptingfortheweb\loginmain.php on line 12

Warning: fclose() expects parameter 1 to be resource, boolean given in \VSFILE07\STUDENTS-M-R\MARTIN.MCNICHOLAS\WEB\scriptingfortheweb\loginmain.php on line 13

Getting the error reporting is good progress, it is essential for the development and debugging process.

I did almost mention file permissions, but having error reporting tells you that straight away.
The subsequent errors are a result of that first permissions error, because fopen fails, so returns false (a boolean).
As in: $handle is assigned a value of false.

So you need to alter the permissions for your file.

8 posts were split to a new topic: Problems changing file permissions

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.