UBB.Developers Forums Community Development Programming PHP and Server-side Scripting Making Files

Instead of making the files your self is there a way to have perl do that? Like I have someone enter a name and its saved as a .txt file automaticly. How is this done?

------------------
*
***
%###*###%
->>>Em8<<<-

just write to a file. when writing or appending to a file, the file doesn't have to exist, though the directory does.

my $file_name = param('file_name'); # collected from form

open(FILEWRITE,">/path/to/file/$file_name.txt")or die "Bad file: $!";
print FILEWRITE 'content';
close(FILEWRITE)or die "Bad file: $!";

------------------
Da Wannabe Cannuck

:: Who is Andy?

You forgot some Atom911

open(FILEWRITE,">/path/to/file/$file_name.txt")or die "Bad file: $!";
print FILEWRITE 'content';
close(FILEWRITE)or die "Bad file: $!";



------------------
Powered by ZCom Bulletin Boards

My bad, fixed now

I often forget those...always a pain to find out why.

------------------
Da Wannabe Cannuck

:: Who is Andy?

If this is for a CGI script, be aware that there are security issues in using user input to form file names.

Yes, Dave_L is correct. However, most these dangers can be thwarted by checking the data recieved from the user(as you should be anyway) Here would block all file names with anything but alpha-numeric characters in it:

die 'Bad characters in file name.' unless($file_name =~ /^[A-Za-z0-9]$/);

------------------
Da Wannabe Cannuck

:: Who is Andy?

You should check for even more security if your on an NT system, or even a unix system, just incase someone decides to hack you.

and




------------------

Hack Developer of the Ultimate Bulletin Board.
Due to time limitation, I do not offer support Via. E-mail or AIM. Please post on the forums.

Regards,
MasterMind

MasterMind -- The coding I had listed above would rule out both of the things that you did

------------------
Da Wannabe Cannuck

:: Who is Andy?

Sorry, i must be very tired i didn't even see it. ::sigh::

------------------

Hack Developer of the Ultimate Bulletin Board.
Due to time limitation, I do not offer support Via. E-mail or AIM. Please post on the forums.

Regards,
MasterMind

Mabey some day I'll be as good as Greg or Andy

------------------
*
***
%###*###%
->>>Em8<<<-

Well, I am not as good as andy, but i'll tell ya, it takes plenty of practice. I need to thank Mark, Andy and cal for their help...and constant putting up with me.

------------------

Hack Developer of the Ultimate Bulletin Board.
Due to time limitation, I do not offer support Via. E-mail or AIM. Please post on the forums.

Regards,
MasterMind

Yes, Mark definitely needs to be thanked for many - rather most - of the things I have learned, and the breaking of bad habits and the picking up of new good ones

------------------
Da Wannabe Cannuck

:: Who is Andy?

Here here to that!

------------------

Hack Developer of the Ultimate Bulletin Board.
Due to time limitation, I do not offer support Via. E-mail or AIM. Please post on the forums.

Regards,
MasterMind

LOL, thx guys

To keep up with tradition though, andy...you're about 99% of the way correct with:

die 'Bad characters in file name.' unless($file_name =~ /^[A-Za-z0-9]$/);

however ya made one BIIIIIG blunder. That regex only allows for a one character filename

and a smaller blunder... it doesn't allow for '.', _ and - which are perfectly valid in filenames.

I would use full on taint checking:

die 'Bad characters in file name.' unless $file_name =~ /^([w.-]+)$/;
$file_name = $1;

--mark

This message has been edited by Mark Badolato on November 26, 2000 at 07:53 PM

Your welcome mark.



------------------

Hack Developer of the Ultimate Bulletin Board.
Due to time limitation, I do not offer support Via. E-mail or AIM. Please post on the forums.

Regards,
MasterMind

hehe, I can't believe I forgot the plus in the regex.

------------------
Da Wannabe Cannuck

:: Who is Andy?