
I am saving search data on a website to a text file on my disk.

I want to know if it is safe to do that. What if some virus script is saved into the file? Is it harmful?

This is the code that I am using to save form data to a text file:

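if (isset($_GET['search'])) {
    // Raw, unvalidated user input taken from the query string
    $data = $_GET['search'];
    $date = date("d/m/y : H:i:s : ");
    // Append one timestamped line, holding an exclusive lock during the write
    $ret = file_put_contents('mydata.txt', $date.$data.PHP_EOL, FILE_APPEND | LOCK_EX);
}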
mickmackusa
Vinay
  • Why not use a database? – Rob Jun 17 '18 at 07:19
  • I am also saving to the database using a prepared statement, but I want to save into a text file too so that I can delete old entries from the database. – Vinay Jun 17 '18 at 07:22
  • You could export your database-records or back-up your database instead. I'm unsure why you would like to write direct user input on your PC or server into a txt-file. Maybe you could try to "GET" the eicar-virus-test-file. – Rob Jun 17 '18 at 07:24
  • Use a directory outside the webserver path to be sure nobody can open mydata.txt from the web. – Alex S. Jun 17 '18 at 07:24
  • Then I will avoid saving user input in a txt file on the webserver. I will use only the database. Thanks for the suggestion. – Vinay Jun 17 '18 at 07:30
  • I don't see how a txt file with code should be able to run. – Andreas Jun 17 '18 at 08:18
  • @vinay It seems that you have been sufficiently convinced to change your program design. I believe all questions should find some sort of system-recognized resolution. These resolutions include: Accepted Answer, Question Closure (by Community), or Page Deletion (by OP or Community). Please do your part to prevent question abandonment, because abandoned pages are information dead-ends for future researchers. – mickmackusa Jun 26 '18 at 23:56
  • Yes, I will keep that in mind. – Vinay Jun 27 '18 at 04:05
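
A hardened variant of the snippet in the question, as an added example that is not part of the original post: it follows the comment's advice to keep the file outside the web server path, and it also reduces each entry to a single printable line. The directory `/var/log/myapp`, the 200-byte cap and the function names are assumptions chosen for illustration.

```php
<?php
// Added example, not the asker's code. LOG_DIR is an assumed location
// outside the web server's document root, so the file has no URL.
const LOG_DIR = '/var/log/myapp';   // hypothetical path
const MAX_TERM_BYTES = 200;         // assumed cap on a stored search term

/** Reduce raw input to one printable, length-limited log field. */
function sanitize_search_term(string $raw): string
{
    // Replace invalid UTF-8 sequences so later readers do not misparse the file.
    $term = mb_convert_encoding($raw, 'UTF-8', 'UTF-8');
    // Replace control bytes (CR, LF, NUL, ESC, ...) with spaces so that one
    // request always produces exactly one line in the file.
    $term = preg_replace('/[\x00-\x1F\x7F]/', ' ', $term) ?? '';
    // Cut on a character boundary, never in the middle of a multi-byte char.
    return mb_strcut(trim($term), 0, MAX_TERM_BYTES, 'UTF-8');
}

/** Append one timestamped entry; returns false if the write failed. */
function log_search(string $raw, string $dir = LOG_DIR): bool
{
    $line = date('c') . "\t" . sanitize_search_term($raw) . PHP_EOL;
    $file = $dir . '/search.log';   // fixed name, never built from user input
    return file_put_contents($file, $line, FILE_APPEND | LOCK_EX) !== false;
}

// ?search[]=x makes $_GET['search'] an array, so require a string.
if (isset($_GET['search']) && is_string($_GET['search'])) {
    log_search($_GET['search']);
}

// The stored text is inert data. Escape it at the point where it is shown
// in an HTML page, for example:
// echo htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
```

The `mb_*` calls require PHP's mbstring extension.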

0 Answers