On Jul 26, 2011, at 2:17 PM, Eric Cope wrote:

> Hey Joe,
> That script has the basics to get it working, but there is a big caveat. You 
> need to scrub the form input to prevent ALL malicious inputs from reaching 
> the file. I'd hate to see someone put "rm -rf /" in the file and execute it.

I don't see any code that's actually executing the user-submitted data.  If 
someone submitted 'rm -rf /', that string would be saved to the txt file, but 
there's no inherent danger in that.

Joe: Make sure that the file you're writing to is outside of the web server's 
document root.  If you can browse to the txt file, then there is a security 
problem.  Someone could submit malicious HTML/JavaScript/etc. and then get 
others to view it.

> On Tue, Jul 26, 2011 at 1:42 PM, <j...@actionline.com> wrote:
> 
> 
> <?php
> $name = $_POST['name'];
> $email = $_POST['email'];
> $fp = fopen("formdata.txt", "a");
> $savestring = $name . "," . $email . "n";

That "n" should be a "\n".

> fwrite($fp, $savestring);
> fclose($fp);
> echo "Your data has been saved in a text file.>";

Remove the final ">" in that string.  Or change it to '&gt;' if you want to see 
a '>'. 
http://en.wikipedia.org/wiki/Character_encodings_in_HTML#HTML_character_references

> ?>
> 
> 3) "input-text.htm" containing this code:
> 
> <form name=webform id=webform method=post action=process-form-data.php>
> Name: <input type=text name=name id=name> <br>
> Email: <input type=text name=email id=email> <br>
> <input type=submit name=s1 id=s1 value=Submit></form>
> 
> When I try to run it, it just displays the php code
> and I see these messages repeated several times:

Sounds like your web server is not configured to execute PHP scripts.  Make 
sure that PHP is installed, and that Apache (or other web server) is configured 
appropriately.  http://www.php.net/install


> 
> QPainter::begin: Widget painting can only begin as a result of a paintEvent
> QPainter::translate: Painter not active
> QPainter::setClipRect: Painter not active
> QPainter::font: Painter not active
> QPainter::setFont: Painter not active
> QPainter::setPen: Painter not active
> QPainter::worldTransform: Painter not active
> QWidget::repaint: Recursive repaint detected
> QWidget::repaint: Recursive repaint detected

Those are Qt errors.  I have no idea why you're seeing them as the result of a 
web form submission.

alex
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
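
A hardened form of the handler discussed in this thread, as an added example that is not part of the original messages: it writes outside the document root, keeps each submission to one CSV record, and HTML-encodes stored values when they are displayed. The path in DATA_FILE and the function names clean_field, save_submission and render_row are hypothetical.

```php
<?php
// Added example, not the original poster's script.
// ASSUMPTION: hypothetical path outside the document root, writable by the web server user.
const DATA_FILE = '/var/lib/webform/formdata.csv';

// Reduce a form value to a single bounded line; non-strings (e.g. name[]=x) become ''.
function clean_field($value, int $max = 254): string
{
    if (!is_string($value)) {
        return '';
    }
    // Control characters, CR/LF included, would let one value start a new record.
    $value = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value) ?? '';
    return substr(trim($value), 0, $max);
}

// Append one record; false on invalid input or I/O failure.
function save_submission(array $post, string $file = DATA_FILE): bool
{
    $name  = clean_field($post['name'] ?? null);
    $email = clean_field($post['email'] ?? null);
    if ($name === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $fp = fopen($file, 'a');
    if ($fp === false) {
        return false;
    }
    flock($fp, LOCK_EX);   // serialize concurrent appends
    // fputcsv quotes commas and double quotes; '' disables the legacy escape character.
    $ok = fputcsv($fp, [$name, $email], ',', '"', '');
    flock($fp, LOCK_UN);
    fclose($fp);
    return $ok !== false;
}

// Encode stored values at display time so saved markup is shown as text, not run.
function render_row(array $row): string
{
    $cells = array_map(fn($v) => htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8'), $row);
    return '<tr><td>' . implode('</td><td>', $cells) . "</td></tr>\n";
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    echo save_submission($_POST)
        ? 'Your data has been saved.'
        : 'Submission rejected.';
}
```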
