bklnthebeast Posted February 1, 2016 Share Posted February 1, 2016 (edited) Hey guys! I have a page that has multiple forms. I am trying to make a button that will save all the information from each textarea to a different .txt file. IE: textarea1 will save to textarea1.txt textarea2 will save to textarea2.txt textarea3 will save to textarea3.txt etc. I am able to save each individual form via individual submit buttons within each form, but I'd like to make a submit button outside of the other forms that saves all forms to their specific files. The code for one of the individual forms looks like this: <form method="post" action="?"> <h1>Physical Stats</h1> <textarea name="stats"><?php include ('resources/stats.txt'); ?></textarea> <br><input type="submit" name="update_stats" value="Update"/> </form> <?php if (isset($_POST['update_stats'])) { file_put_contents("resources/stats.txt", $_POST['stats']); } ?> Everything above works. And the code for the save all form looks like this: <form method="post" action="?"> <input type="submit" name="update_all" value="Update All"/> <br><br> </form> <?php if (isset($_POST['update_all'])) { file_put_contents("resources/stats.txt", $_POST['stats']); file_put_contents("resources/pro_exp.txt", $_POST['pro_exp']); file_put_contents("resources/pro_awards.txt", $_POST['pro_awards']); file_put_contents("resources/ama_exp.txt", $_POST['ama_exp']); file_put_contents("resources/ama_awards.txt", $_POST['ama_awards']); file_put_contents("resources/references.txt", $_POST['references']); } ?> This is the code I currently have and it's just not working. Right now the above code is actually clearing all of the text files. I'm afraid I'm a complete newb to writing scripts and I'm sure there is some rule about file_get_contents that I'm not aware of. Please help! Thanks! Edited February 1, 2016 by bklnthebeast Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted February 1, 2016 Share Posted February 1, 2016 The approach is very poor and very dangerous, because the text which you happily dump into a text file and then load into your script with an include statement is in fact treated as code. Nothing prevents an evil-minded user from actually putting PHP code into the file and having your server execute it. It's generally a bad idea to store data in text files, especially when you do it in a fire-and-forget fashion with no error checking, no locking, nothing. I can almost guarantee that your files will be filled with pure garbage after a while. Do you have an SQL database on your server? Something like MySQL? If not, there's still SQLite which stores the database in a single file. Learning the basics of SQL is easy, and it's definitely worth it. You'll never want to go back to your text files. Quote Link to comment Share on other sites More sharing options...
bklnthebeast Posted February 1, 2016 Author Share Posted February 1, 2016 (edited) The approach is very poor and very dangerous, because the text which you happily dump into a text file and then load into your script with an include statement is in fact treated as code. Nothing prevents an evil-minded user from actually putting PHP code into the file and having your server execute it. It's generally a bad idea to store data in text files, especially when you do it in a fire-and-forget fashion with no error checking, no locking, nothing. I can almost guarantee that your files will be filled with pure garbage after a while. Do you have an SQL database on your server? Something like MySQL? If not, there's still SQLite which stores the database in a single file. Learning the basics of SQL is easy, and it's definitely worth it. You'll never want to go back to your text files. Thank you and I appreciate it. I am very aware of the dangers of using this method but only specific people will have access to these forms as it will be behind a login. Any ideas on how to make this script work would be greatly appreciated. Edited February 1, 2016 by bklnthebeast Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted February 1, 2016 Share Posted February 1, 2016 So you're completely new to PHP, yet at the same time you've managed to assemble a bug-free state-of-the-art login mechanism? That's a bit hard to believe. Realistically, your forms are wide open to anybody who can type a URL on their keyboard. And even if we forget security for a moment, the idea of sending data to the PHP interpreter in the hopes that nothing will get executed is still incredibly bad. Yes, we can help you solve the underlying problem and show you a sane way of storing data. But, no, we will not help you shred your server. Quote Link to comment Share on other sites More sharing options...
bklnthebeast Posted February 1, 2016 Author Share Posted February 1, 2016 (edited) So you're completely new to PHP, yet at the same time you've managed to assemble a bug-free state-of-the-art login mechanism? That's a bit hard to believe. Realistically, your forms are wide open to anybody who can type a URL on their keyboard. And even if we forget security for a moment, the idea of sending data to the PHP interpreter in the hopes that nothing will get executed is still incredibly bad. Yes, we can help you solve the underlying problem and show you a sane way of storing data. But, no, we will not help you shred your server. The PHP login system has been scripted by somebody else. So no, I did not manage to assemble a bug-free state-of-the-art login mechanism. Can anyone solve the script please? Edited February 1, 2016 by bklnthebeast Quote Link to comment Share on other sites More sharing options...
ginerjm Posted February 1, 2016 Share Posted February 1, 2016 To start with - Jacques is giving you extremely good advice. Ignore it at your own peril. Trusting in a secure login is the same thing that all of the big retailers, banks, credit card companies, etc. have been doing for years and look how they make headlines? Through hackers! So - are you going to trust your very bad design behind a security portal that is most likely weak? Secondly - the design of a page with multiple forms that you then want to automatically consolidate is something pretty sophisticated for a newcomer. I suppose you got that from a trusted source also? HTML5 seems to offer the ability to assign input elements to specific forms with certain attributes but I am not sure how that all works now. (Mainly because I have not needed to do that.) If you used a db to store your info you could probably avoid the multi-form concerns that you have just by saving each text box into its own column in your table. Of course as pointed out to you already you have to be sure to sanitize all of your user input data! PS - Trusting in "other people's code" is something to be avoided. Just because it looks great to you (a newbie?) doesn't mean it's so good. Listen to Jacques. He knows of what he speaks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.