OT: How to use html form input to append input to a file?
Alex Dean
alex at crackpot.org
Wed Jul 27 08:08:49 MST 2011
On Jul 26, 2011, at 2:17 PM, Eric Cope wrote:
> Hey Joe,
> That script has the basics to get it working, but there is a big caveat. You need to scrub the form input to prevent ALL malicious inputs from reaching the file. I'd hate to see someone put "rm -rf /" in the file and execute it.
I don't see any code that's actually executing the user-submitted data. If someone submitted 'rm -rf /', that string would be saved to the txt file, but there's no inherent danger in that.
Joe: Make sure that the file you're writing to is outside of the web server's document root. If you can browse to the txt file, then there is a security problem. Someone could submit malicious HTML/JavaScript/etc and then get others to view it.
> On Tue, Jul 26, 2011 at 1:42 PM, <joe at actionline.com> wrote:
>
>
> <?php
> $name = $_POST['name'];
> $email = $_POST['email'];
> $fp = fopen("formdata.txt", "a");
> $savestring = $name . "," . $email . "n";
That "n" should be a "\n".
> fwrite($fp, $savestring);
> fclose($fp);
> echo "Your data has been saved in a text file.>";
Remove the final ">" in that string. Or change it to '&gt;' if you want to see a '>'.
http://en.wikipedia.org/wiki/Character_encodings_in_HTML#HTML_character_references
> ?>
>
> 3) "input-text.htm" containing this code:
>
> <form name=webform id=webform method=post action=process-form-data.php>
> Name: <input type=text name=name id=name> <br>
> Email: <input type=text name=email id=email> <br>
> <input type=submit name=s1 id=s1 value=Submit></form>
>
> When I try to run it, it just displays the php code
> and I see these messages repeated several times:
Sounds like your web server is not configured to execute PHP scripts. Make sure that PHP is installed, and that Apache (or other web server) is configured appropriately. http://www.php.net/install
>
> QPainter::begin: Widget painting can only begin as a result of a paintEvent
> QPainter::translate: Painter not active
> QPainter::setClipRect: Painter not active
> QPainter::font: Painter not active
> QPainter::setFont: Painter not active
> QPainter::setPen: Painter not active
> QPainter::worldTransform: Painter not active
> QWidget::repaint: Recursive repaint detected
> QWidget::repaint: Recursive repaint detected
Those are Qt errors. I have no idea why you're seeing them as the result of a web form submission.
alex
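
Added example, not part of the original message or thread: a version of the process-form-data.php handler that follows the advice above by keeping the data file outside the document root and escaping user input before it is echoed into HTML. The storage path, the length limits and the use of fputcsv() are assumptions made for illustration.

```php
<?php
// Added example; not code from the thread.
// Assumption: this directory is outside the web server's document root
// and writable by the PHP user. Adjust the path for your system.
const DATA_FILE = '/var/lib/formdata/formdata.txt';

// Reduce a submitted value to a single line of bounded length.
function clean_field($value, int $maxLen): string
{
    if (!is_string($value)) {      // e.g. name[]=x arrives as an array
        return '';
    }
    // Drop control characters (including CR/LF) so one submission
    // cannot span or forge additional records in the file.
    $value = (string) preg_replace('/[\x00-\x1F\x7F]/', '', $value);
    return substr(trim($value), 0, $maxLen);
}

$name  = clean_field($_POST['name']  ?? '', 100);
$email = clean_field($_POST['email'] ?? '', 254);

if ($name === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    http_response_code(400);
    exit('Please supply a name and a valid email address.');
}

$fp = fopen(DATA_FILE, 'a');
if ($fp === false) {
    http_response_code(500);
    exit('Could not save your data.');
}
flock($fp, LOCK_EX);               // serialize concurrent submissions
// fputcsv quotes embedded commas and double quotes; the empty escape
// argument (PHP 7.4+) disables the non-standard backslash escape.
fputcsv($fp, [$name, $email], ',', '"', '');
flock($fp, LOCK_UN);
fclose($fp);

// Escape anything user-supplied before it is placed in HTML.
echo 'Thanks, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
   . '. Your data has been saved.';
```

The same htmlspecialchars() call applies to any page that later displays the saved records.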