0

I can save any string without any problem using file_put_contents. But as soon as there's an '@' in the string the script starts an unintented download. The string is sent in a form using the post-method. The php-script contains the following line:

file_put_contents("users/testguy/email.pfl", $_POST['email']);

I expect the string (an ordinary email-address like abc@defghi.xyz) to be saved in the file "email.pfl" ('.pfl' is my alternative to '.inc' and is supposed to be short for 'profile'). But instead a pop-up window in firefox browser asks me how I wanted to proceed with that file (it says: 'Type: application/x-httpd-php'). I have absolutely no idea how this problem occurs. Again: It works flawlessly with any other string.

Marlug
  • 1
  • You are asking two different things - one is saving a file with PHP, the other is servis a file with PHP. Are you serving the *.pfl file to the user after you save it? – Putr Oct 31 '19 at 20:45
  • Can you share the exact code leading to that error? – Nico Haase Oct 31 '19 at 21:30

1 Answers1

0

use @ instead of an @ sign so that it will not trigger a download

David
  • 65
  • 2
  • 8
  • 2
    Can you explain that further? Where should that be used and why? – Nico Haase Oct 31 '19 at 21:30
  • The @ sign is used by the users when they enter their email-addresses in a form. So, I cannot expect them to enter the alternative code.But thanks. – Marlug Nov 01 '19 at 09:42
  • no using `htmlspecialchars()` you can convert the string containing the email address to one that replaces the special chars (the @ is your case) with the ascii code so that it appears correctly on the page but does not have unintended behaviors. – David Nov 01 '19 at 13:04