Jump to content

Saving info from multiple forms at once


bklnthebeast

Recommended Posts

Hey guys!

 

I have a page that has multiple forms.  I am trying to make a button that will save all the information from each textarea to a different .txt file.

 

IE:  textarea1 will save to textarea1.txt

  textarea2 will save to textarea2.txt

  textarea3 will save to textarea3.txt

etc.

 

I am able to save each individual form via individual submit buttons within each form, but I'd like to make a submit button outside of the other forms that saves all forms to their specific files.

 

The code for one of the individual forms looks like this:



<form method="post" action="?">
            <h1>Physical Stats</h1>
            <textarea name="stats"><?php include ('resources/stats.txt'); ?></textarea>
            <br><input type="submit" name="update_stats" value="Update"/>
        </form>  
        
        <?php 
    if (isset($_POST['update_stats'])) {
    file_put_contents("resources/stats.txt", $_POST['stats']); } ?>


Everything above works.

 

 

And the code for the save all form looks like this:



<form method="post" action="?">
        <input type="submit" name="update_all" value="Update All"/>
        <br><br>
    </form>
<?php 
    if (isset($_POST['update_all'])) {
    file_put_contents("resources/stats.txt", $_POST['stats']);
    file_put_contents("resources/pro_exp.txt", $_POST['pro_exp']);
    file_put_contents("resources/pro_awards.txt", $_POST['pro_awards']);
    file_put_contents("resources/ama_exp.txt", $_POST['ama_exp']);
    file_put_contents("resources/ama_awards.txt", $_POST['ama_awards']);
    file_put_contents("resources/references.txt", $_POST['references']); }
?>


This is the code I currently have and it's just not working.  Right now the above code is actually clearing all of the text files.  I'm afraid I'm a complete newb to writing scripts and I'm sure there is some rule about file_get_contents that I'm not aware of.  

 

Please help!  Thanks!  :)

Edited by bklnthebeast
Link to comment
Share on other sites

The approach is very poor and very dangerous, because the text which you happily dump into a text file and then load into your script with an include statement is in fact treated as code. Nothing prevents an evil-minded user from actually putting PHP code into the file and having your server execute it.

 

It's generally a bad idea to store data in text files, especially when you do it in a fire-and-forget fashion with no error checking, no locking, nothing. I can almost guarantee that your files will be filled with pure garbage after a while.

 

Do you have an SQL database on your server? Something like MySQL? If not, there's still SQLite which stores the database in a single file. Learning the basics of SQL is easy, and it's definitely worth it. You'll never want to go back to your text files.

Link to comment
Share on other sites

The approach is very poor and very dangerous, because the text which you happily dump into a text file and then load into your script with an include statement is in fact treated as code. Nothing prevents an evil-minded user from actually putting PHP code into the file and having your server execute it.

 

It's generally a bad idea to store data in text files, especially when you do it in a fire-and-forget fashion with no error checking, no locking, nothing. I can almost guarantee that your files will be filled with pure garbage after a while.

 

Do you have an SQL database on your server? Something like MySQL? If not, there's still SQLite which stores the database in a single file. Learning the basics of SQL is easy, and it's definitely worth it. You'll never want to go back to your text files.

 

Thank you and I appreciate it.  I am very aware of the dangers of using this method but only specific people will have access to these forms as it will be behind a login.  Any ideas on how to make this script work would be greatly appreciated.

Edited by bklnthebeast
Link to comment
Share on other sites

So you're completely new to PHP, yet at the same time you've managed to assemble a bug-free state-of-the-art login mechanism? That's a bit hard to believe.

 

Realistically, your forms are wide open to anybody who can type a URL on their keyboard. And even if we forget security for a moment, the idea of sending data to the PHP interpreter in the hopes that nothing will get executed is still incredibly bad.

 

Yes, we can help you solve the underlying problem and show you a sane way of storing data. But, no, we will not help you shred your server.

Link to comment
Share on other sites

So you're completely new to PHP, yet at the same time you've managed to assemble a bug-free state-of-the-art login mechanism? That's a bit hard to believe.

 

Realistically, your forms are wide open to anybody who can type a URL on their keyboard. And even if we forget security for a moment, the idea of sending data to the PHP interpreter in the hopes that nothing will get executed is still incredibly bad.

 

Yes, we can help you solve the underlying problem and show you a sane way of storing data. But, no, we will not help you shred your server.

 

The PHP login system has been scripted by somebody else.  So no, I did not manage to assemble a bug-free state-of-the-art login mechanism.  

 

Can anyone solve the script please?

Edited by bklnthebeast
Link to comment
Share on other sites

To start with - Jacques is giving you extremely good advice. Ignore it at your own peril. Trusting in a secure login is the same thing that all of the big retailers, banks, credit card companies, etc. have been doing for years and look how they make headlines? Through hackers! So - are you going to trust your very bad design behind a security portal that is most likely weak?

 

Secondly - the design of a page with multiple forms that you then want to automatically consolidate is something pretty sophisticated for a newcomer. I suppose you got that from a trusted source also? HTML5 seems to offer the ability to assign input elements to specific forms with certain attributes but I am not sure how that all works now. (Mainly because I have not needed to do that.) If you used a db to store your info you could probably avoid the multi-form concerns that you have just by saving each text box into its own column in your table. Of course as pointed out to you already you have to be sure to sanitize all of your user input data!

 

PS - Trusting in "other people's code" is something to be avoided. Just because it looks great to you (a newbie?) doesn't mean it's so good.

 

Listen to Jacques. He knows of what he speaks.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.