importing variables in to a page using fopen

  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

how would you go about inputting variables from a form in to another page.

ie)

PHP Code: [ Select ]
 
 
 
$filename = "filename and directory";
 
 
 
$content = "$_POST['name'];"
 
 
 
$write = $fopen ($filename, a+)
 
 
 
fwrite ($write, $content)
 
 
 
fclose ($filename)
 
 
 
 
  1.  
  2.  
  3.  
  4. $filename = "filename and directory";
  5.  
  6.  
  7.  
  8. $content = "$_POST['name'];"
  9.  
  10.  
  11.  
  12. $write = $fopen ($filename, a+)
  13.  
  14.  
  15.  
  16. fwrite ($write, $content)
  17.  
  18.  
  19.  
  20. fclose ($filename)
  21.  
  22.  
  23.  
  24.  


The above is an example, as long as you get the right idea anyway... when i try it will just have...
Quote:
$_POST['name'];"
What i want is for the empty document to have what ever was in the text input 'name'.
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • User avatar
  • Posts: 3422
  • Loc: Richland, WA

Post 3+ Months Ago

dont put it in quotes

PHP Code: [ Select ]
$content = $_POST['name'];


what you are doing is setting a varible to another varible so you dont need quotes.

PHP Code: [ Select ]
 
$var1 = "hello world";
 
 
 
$var2 = $var1;
 
 
 
echo("$var2");
 
 
 
//output
 
//hello world
 
 
 
/*Now you might just look at this and say, well it wil work with quotes too BUT when you write to a file it inputs everything in the quotes.  so if you want quotes and text you would have to close the quotes*/
 
 
 
//ie)
 
$var = "asd";
 
$connect = "text".$var."text";
 
 
 
//output
 
//textasdtext
 
 
 
 
  1.  
  2. $var1 = "hello world";
  3.  
  4.  
  5.  
  6. $var2 = $var1;
  7.  
  8.  
  9.  
  10. echo("$var2");
  11.  
  12.  
  13.  
  14. //output
  15.  
  16. //hello world
  17.  
  18.  
  19.  
  20. /*Now you might just look at this and say, well it wil work with quotes too BUT when you write to a file it inputs everything in the quotes.  so if you want quotes and text you would have to close the quotes*/
  21.  
  22.  
  23.  
  24. //ie)
  25.  
  26. $var = "asd";
  27.  
  28. $connect = "text".$var."text";
  29.  
  30.  
  31.  
  32. //output
  33.  
  34. //textasdtext
  35.  
  36.  
  37.  
  38.  
  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • User avatar
  • Posts: 3422
  • Loc: Richland, WA

Post 3+ Months Ago

so in your cose nem sense i know what you are doing you would have something like this
PHP Code: [ Select ]
$connect = "$conn = @mysql_connect('".$_POST['sqlhost'];."','".$_POST['sqluser'];."','".$_POST['sqlpass']."');
 
if(!$conn) {
 
echo('Could not connect to database');
 
 
 
//and so farword
 
 
  1. $connect = "$conn = @mysql_connect('".$_POST['sqlhost'];."','".$_POST['sqluser'];."','".$_POST['sqlpass']."');
  2.  
  3. if(!$conn) {
  4.  
  5. echo('Could not connect to database');
  6.  
  7.  
  8.  
  9. //and so farword
  10.  
  11.  


make sure when you are closing the quotes you put a period after and same when you open, put a period before.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

Nem I think you should go check out those pages on common PHP security mistakes.
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

Yeah, Thanks Rabid.
  • Rabid Dog
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3245
  • Loc: South Africa

Post 3+ Months Ago

The reason I say this is because I haven't seen you test any of the user input variables. NEVER NEVER NEVER insert user variables straight into an SQL statement - NEVER!
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

Why not? This is what i need to do...

//added bit below...

Im using user inputs to connect to the database...
  • Nem
  • Guru
  • Guru
  • Nem
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

this is the page i need to look at right?

http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/2/

what does it mean by strip slashes?

what if i were to do something like this. The IPB installation code also uses user inputs...

PHP Code: [ Select ]
 
   if ( ! $connect_id = mysql_connect( $INFO['sql_host'],$INFO['sql_user'],$INFO['sql_pass'] ) )
 
   {
 
      install_error("Could not create a mySQL connection, please check that the file 'conf_global.php' exists in the same directory as this file and that the installer has updated the file properly.");
 
   }
 
   
 
     
 
   if ( ! mysql_select_db($INFO['sql_database'], $connect_id) )
 
   {
 
      install_error("mySQL could not locate a database called '{$VARS['sql_database']}'. Please contact our technical support if a re-install does not solve this problem");
 
   }
 
 
  1.  
  2.    if ( ! $connect_id = mysql_connect( $INFO['sql_host'],$INFO['sql_user'],$INFO['sql_pass'] ) )
  3.  
  4.    {
  5.  
  6.       install_error("Could not create a mySQL connection, please check that the file 'conf_global.php' exists in the same directory as this file and that the installer has updated the file properly.");
  7.  
  8.    }
  9.  
  10.    
  11.  
  12.      
  13.  
  14.    if ( ! mysql_select_db($INFO['sql_database'], $connect_id) )
  15.  
  16.    {
  17.  
  18.       install_error("mySQL could not locate a database called '{$VARS['sql_database']}'. Please contact our technical support if a re-install does not solve this problem");
  19.  
  20.    }
  21.  
  22.  


just a snippet.... If this isnt allowed to be posted, then jus delete it.



mine is like the following:
PHP Code: [ Select ]
 
   $location = $_POST["sqlhost"];
 
   $username = $_POST["sqluser"];
 
   $password = $_POST["sqlpass"];
 
   $database = $_POST["sqldbase"];
 
   $conn = mysql_connect("$location","$username","$password");
 
 
 
 
 
///errors show below.
  1.  
  2.    $location = $_POST["sqlhost"];
  3.  
  4.    $username = $_POST["sqluser"];
  5.  
  6.    $password = $_POST["sqlpass"];
  7.  
  8.    $database = $_POST["sqldbase"];
  9.  
  10.    $conn = mysql_connect("$location","$username","$password");
  11.  
  12.  
  13.  
  14.  
  15.  
  16. ///errors show below.

Post Information

  • Total Posts in this topic: 8 posts
  • Users browsing this forum: No registered users and 100 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.