Page 1 of 1

using Fopen to create a file from <input>

Posted: Mon Jun 29, 2009 3:25 pm
by andy106
Hi So I am trying to write a scritp that can create a file and name the file name from the <input> tag. here si what i have:

Code: Select all

 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>
 
<body>
 
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method ="post">
File Name:<input type="text" id="file">
<br/>
 
<input  type="submit" id="submit" value="Submit">
</form> 
    
</body>
</html>
 
 
 
 
<?php
 
$filename = $_GET['file'];
 
if ($_SERVER['REQUEST_METHOD'] == 'POST') { 
 
$create=fopen($filename , "w");
fopen($create, 'w');
 
fclose($create); 
}
 
 
 
 
?>
 

I get this error:

Warning: fclose(): supplied argument is not a valid stream resource in /Applications/xampp/xamppfiles/htdocs/preorder/content.php on line 32
I am not sure why.

Thanks.

Re: using Fopen to create a file from <input>

Posted: Mon Jun 29, 2009 3:58 pm
by requinix
Let's try this again:

It means fopen couldn't open the $create. Because $create isn't a file name. You may have gotten another error message before this one.

You're also mixing up GETs and POSTs in your code. Your form has method=post and you use REQUEST_METHOD=POST, yet $_GET for the data...

Re: using Fopen to create a file from <input>

Posted: Mon Jun 29, 2009 4:34 pm
by kalebaustin

Code: Select all

$create=fopen($filename , "w");
fopen($create, 'w');
isn't correct either.

Two calls to fopen?

Re: using Fopen to create a file from <input>

Posted: Mon Jun 29, 2009 10:42 pm
by Benjamin
This is missing the name attribute:

Code: Select all

File Name:<input type="text" id="file">
This should be $_POST, not $_GET

Code: Select all

$filename = $_GET['file'];
The filename should be explicit, for security purposes.

Code: Select all

if (!preg_match('#^[a-z0-9]+$#i', $_POST['file'])) {
    exit();
}
You should not use this method for processing form data. It's not verbose enough.

Code: Select all

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
The variable name for a file pointer should not be called $create. To create a file if it does not exist you use the letter a, not w.

Code: Select all

$create = fopen($filename , "w");
This is redundant, why open the file twice?

Code: Select all

fopen($fp, 'w');
Why use fopen(), when you can use touch()?

The code that processes your form submission should be above the code that displays the page, so that you can display messages or redirect if you need to.

Here's a rewritten, untested version of your code.

Code: Select all

<?php
if (!preg_match('#^[a-z0-9]+$#i', $_POST['file'])) {
    exit();
}
 
if (!empty($_POST['do_action']) && $_POST['do_action'] == 'get_file') {
    touch($filename);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title>Untitled Document</title>
  </head>
 
  <body>
 
  <form action="<?php echo $_SERVER['PHP_SELF'];?>" method ="post">
    File Name:<input type="text" id="file" name="file">
    <br/>
    <input type="hidden" name="do_action" value="get_file" />
    <input  type="submit" id="submit" value="Submit">
  </form> 
   
  </body>
</html>