Now that you understand how to create the basic web form to text file application, you are ready to add the four features mentioned at the start of this tutorial.
The process flow will be:
The green areas in the flow chart are features to be added to the basic implementation discussed previously.
Feature 1. Sanitizing User inputs in $_POST
If you are planning to deploy this in your website, you need to sanitize to avoid unwanted inputs. This can prevent any malicious form of input from entering your application.
Acunetix, one of the website security experts, recommends the use of the following PHP built in functions to further sanitize the input:
1. strip_tags() =
http://php.net/manual/en/function.strip-tags.php; this will remove the scripting tags in the text input if you are allowing only pure text input to pass through the form.
2. nl2br() =
http://php.net/manual/en/function.nl2br.php; this will convert line break to <br />. This will ensure that the line breaks are intended for text formatting reasons.
3. htmlspecialchars() =
htt p://php.net/manual/en/function.htmlspecialchars.php; this will convert HTML special characters to HTML entities.
4. escapeshellarg() =
http://php.net/manual/en/function.escapeshellarg.php ;this will prevent malicious execution of code that is contained in the user input.
To add this set of functions to sanitize user input, call these functions just after parsing the $_POST and assigning it to the $textinputs variable:
//Functions to sanitize the input
But using these functions will add a quote at the beginning and end of the text written to the file. For example:
'The quick brown fox jumps over the lazy dog.'
To correct this problem, just add:
And place it immediately after:
blog comments powered by Disqus