1

I'm making a registration form, but can't seem to write to text file. In this code, I'm putting a person's real name in their file in acc/pplid/[name].txt The file isn't writing at all - the echo doesn't output anything. I'm running off of Microsoft Webmatrix on my computer. Thanks in advance!

        $irlname = $_POST["irlname"];
        $name = $_POST["username"];
        $email = $_POST["email"];
        $password = $_POST["password"];
        $name = htmlentities($name);

        echo $name;
        file_put_contents("acc/pplid/".name.".txt", $irlname);
        echo file_get_contents("acc/pplid/".$name.".txt");
Improve this question
4
  • 1
    FYI, this allows you to overwrite arbitrary files by putting a NUL byte in the name and using ../ to go up in the directory tree. It also makes no sense to HTML-escape a filename. Files that cannot be written to can be read - so the code is double bad.
    – ThiefMaster
    Commented Sep 22, 2012 at 2:31
  • I'm sorry that my code is double-bad. I've escaped the filename because it's a textbox on the other end, no checking of any kind. If you'd like to tell me how I could prevent NUL bytes, that would be helpful. My top concern is making it work. :P Thanks, though. I'll look into it.
    – Andrey
    Commented Sep 22, 2012 at 2:45
  • The only safe thing for such a case (besides using a database instead of flat files) is using a strict whitelist to validate the string
    – ThiefMaster
    Commented Sep 22, 2012 at 11:42
  • I've made NUL bytes be replaced with nothing, and it now makes sure that it only contains a-z and 0-9.
    – Andrey
    Commented Sep 22, 2012 at 17:55

1 Answer 1

Reset to default
2 
file_put_contents("acc/pplid/".name.".txt", $irlname);

Should be

file_put_contents("acc/pplid/".$name.".txt", $irlname);

unless name is defined else where, otherwise I'd say check the write permissions. Check the status of the folder with file_exists or is_dir prior to file_put_contents.

Example

if(is_dir("acc/pplid") && is_writable("acc/pplid")){
    file_put_contents("acc/pplid/".$name.".txt", $irlname);
} else echo "A problem with the folder occurred";
Improve this answer
5
  • I'll check if file_exists, as adding the $ didn't fix it
    – Andrey
    Commented Sep 22, 2012 at 2:35
  • I added print( file_exists("acc/pplid/") ); as well as print( file_exists("acc/pplid/".$name.".txt") ); and the page is simply blank. When I check the properties of the folder, the tick box for it is filled, like it if some files are read-only and some aren't. When I untick it and re-open the properties window, it still is filled.
    – Andrey
    Commented Sep 22, 2012 at 2:41
  • "What do you mean? this folder could not be found" was outputted
    – Andrey
    Commented Sep 22, 2012 at 2:46
  • "A problem with the folder occurred"
    – Andrey
    Commented Sep 22, 2012 at 2:48
  • Read this answer I gave on file management for php stackoverflow.com/questions/11289705/…
    – classicjonesynz
    Commented Sep 22, 2012 at 2:53

Not the answer you're looking for? Browse other questions tagged or ask your own question.