escaping fwrite data?

Monkuar · September 20, 2012

do we need to escape data that is entered into fwrite into a file?

my code:

$fh = @fopen('terms.html', 'wb');
fwrite($fh, ''.$_POST['Post'].'');
fclose($fh);

simple terms of service here, should i do mysql_real_escape_String and other sanitizing options or is it fine? will it ever result in an error if someone injecting malicious code?

Adam · September 20, 2012

Depends what the file is going to be used for..?

Christian F. · September 20, 2012

Since it's a HTML file, you should use htmlspecialchars (), unless you want to allow HTML markup to be written to the file.

But again, as Adam said: Output escaping depends upon the system you're outputting content to, and whether or not you want the content to be perceived as pure data or as syntax.

As for mysql_real_escape_string (): Ask yourself if you are going to save the file in a MySQL database.

Monkuar · September 20, 2012

Well, It will just be store basic html so I can use terms.html wherever I want globally.

I guess I will just leave it like it is, maybe put a strlen max characters or something. Thanks all

Christian F. · September 20, 2012

You're welcome.

Sign In

escaping fwrite data?

Recommended Posts

Monkuar

Link to comment

Share on other sites

Adam

Link to comment

Share on other sites

Christian F.

Link to comment

Share on other sites

Monkuar

Link to comment

Share on other sites

Christian F.

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information