Now that you understand how to create the basic web-form-to-text-file application, you are ready to add the four features mentioned at the start of this tutorial. The process flow will be:
The green areas in the flow chart are features to be added to the basic implementation discussed previously.

Feature 1. Sanitizing user inputs in $_POST

If you are planning to deploy this on your website, you need to sanitize the input to avoid unwanted inputs. This can prevent any malicious form of input from entering your application. Acunetix, one of the website security experts, recommends the use of the following PHP built-in functions to further sanitize the input:

1. strip_tags() = http://php.net/manual/en/function.strip-tags.php; this will remove the scripting tags in the text input if you are allowing only pure text input to pass through the form. Examples of scripting tags that will be removed are the <?php ?> tags as well as JavaScript tags and other HTML tags.

2. nl2br() = http://php.net/manual/en/function.nl2br.php; this will convert line breaks to <br />. This will ensure that the line breaks are intended for text formatting reasons.

3. htmlspecialchars() = http://php.net/manual/en/function.htmlspecialchars.php; this will convert HTML special characters to HTML entities.

4. escapeshellarg() = http://php.net/manual/en/function.escapeshellarg.php; this will prevent malicious execution of code that is contained in the user input.

To add this set of functions to sanitize user input, call them just after parsing the $_POST and assigning it to the $textinputs variable:

    $textinputs = trim($_POST['textinputs']);

    // Functions to sanitize the input
    $textinputs = strip_tags($textinputs);
    $textinputs = nl2br($textinputs);
    $textinputs = htmlspecialchars($textinputs);
    $textinputs = escapeshellarg($textinputs);

But using these functions will add a quote at the beginning and end of the text written to the file. For example:

    'The quick brown fox jumps over the lazy dog.'

To correct this problem, just add:

    $textinputs = substr($textinputs, 1, -1);

and place it immediately after:

    $textinputs = escapeshellarg($textinputs);
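The whole chain from trim() through the substr() fix, as an added example that is not the tutorial's own code, wrapped in a function and run against a constructed input so you can see what each step leaves behind. The function name sanitize_textinput() and the output file name textinputs.txt are assumptions made for this example.

```php
<?php
// Added example, not part of the original tutorial: the sanitizing chain from
// the text as a function, applied to a constructed sample instead of $_POST.
// The function name is my own choice.

function sanitize_textinput(string $raw): string
{
    $text = trim($raw);
    $text = strip_tags($text);        // removes <?php ?>, <script> and other tags,
                                      // but keeps the text that sat between them
    $text = nl2br($text);             // each newline becomes "<br />" + newline
    $text = htmlspecialchars($text);  // & < > " become entities, so the <br />
                                      // that nl2br() just inserted is encoded too
                                      // (' is encoded by default only on PHP >= 8.1)
    $text = escapeshellarg($text);    // wraps the whole string in a quote pair
    return substr($text, 1, -1);      // strip that pair, as the tutorial suggests
}

// Constructed sample input: surrounding whitespace, an HTML tag, a line break
// and an apostrophe, the kinds of things a real form user might type.
$sample = "  The <b>quick</b> brown fox\njumps over the lazy dog's back  ";

// Assumed output file name (the tutorial's own file name is not shown here).
$file = __DIR__ . '/textinputs.txt';

$clean = sanitize_textinput($sample);
file_put_contents($file, $clean . PHP_EOL, FILE_APPEND | LOCK_EX);
echo $clean, PHP_EOL;
```

Because htmlspecialchars() runs after nl2br(), the line break is stored as an entity-encoded <br /> rather than as markup. On PHP versions before 8.1 an apostrophe also passes through htmlspecialchars() untouched, and escapeshellarg() then rewrites it as '\'' inside the string that substr() returns.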