Webmaster Forum - View Single Post

exam · 04-26-2007, 01:06 PM

PHP Code:


		
			

// Make the filename safe for the OS (remove anything but letters, numbers, ., _, and -)
$file = preg_replace ('/[^a-zA-Z0-9\._-]/', '', $_POST['file']);

$cont = '<tr><td><b>'.$_POST['event'].'</b></td></tr><tr><td>'.$_POST['date'].'</td></tr><tr><td>'.$_POST['time'].'</td></tr><tr><td style="padding-bottom: 10px;">"'.$_POST['description'].'"</td>&nbsp;  </tr><br />';

$f = fopen ($file, 'w');
fputs ($f, $cont);
fclose ($f);

That's very simplistic, you need to sanitize all user input before using it, but it'll give you an idea of how to go about it. Note that I'm using the $_POST supervariable to access the data, change this if you're submitting the form via GET.

04-26-2007, 01:06 PM	#6 (permalink)
exam Contributing Member Join Date: 04-20-06 Posts: 333 iTrader: 0 / 0% Latest Blog: None	PHP Code: `// Make the filename safe for the OS (remove anything but letters, numbers, ., _, and -) $file = preg_replace ('/[^a-zA-Z0-9\._-]/', '', $_POST['file']); $cont = '<tr><td><b>'.$_POST['event'].'</b></td></tr><tr><td>'.$_POST['date'].'</td></tr><tr><td>'.$_POST['time'].'</td></tr><tr><td style="padding-bottom: 10px;">"'.$_POST['description'].'"</td>  </tr><br />'; $f = fopen ($file, 'w'); fputs ($f, $cont); fclose ($f);` That's very simplistic, you need to sanitize all user input before using it, but it'll give you an idea of how to go about it. Note that I'm using the $_POST supervariable to access the data, change this if you're submitting the form via GET.