Discussion of Coding

Blog coding and discussion of coding about JavaScript, PHP, CGI, general web building etc.

Tuesday, February 9, 2016

What's the easiest and safest way to record data being inputted by a user on a web site

Author:  |   |  No comments | 

What's the easiest and safest way to record data being inputted by a user on a web site


Apologies, this is a tragically simple question that will bore most of you.

I need to implement the simplest "leave your email and we'll contact you" web page. The simplest thing I could think of is doing an HTML form which calls a PHP script which appends the data in some file on the server. Easy to implement, but now I'm wondering if it's totally hackable. Is it? Are there obvious better ways that are still simple?

thanks

f

Answer by Artefacto for What's the easiest and safest way to record data being inputted by a user on a web site


It's all right, but you may find a full database or SQLite a better option.

Just make sure you put the file in a place that's not accessible to the other users (e.g. outside the web server root or in a protected directory), otherwise everyone would be able to see the comments.

Answer by jeroen for What's the easiest and safest way to record data being inputted by a user on a web site


Whatever solution you choose (file, database, email, etc.), the safety will depend on the way you implement it:

  • How are you filtering the input?
  • How many submits do you permit per ip address?
  • etc.

Answer by Jordan for What's the easiest and safest way to record data being inputted by a user on a web site


There are a few things you could do. First of all, since you're recording an email address, you could just use PHP's mail() function to send an email to somewhere centralized.

This sounds like a beta signup page, and a file would be ok if you don't have a database available. Just make sure that the file is stored outside of the served folder (above public_html, for example).

Also make sure that you regex or clean the data so that someone can't use it as a zombie form for spamming. Just cut off the email address input after the first \r\n and that will fix it.

Answer by Chief17 for What's the easiest and safest way to record data being inputted by a user on a web site


If you do decide to use a database (which I would, if you can: http://www.w3schools.com/PHP/php_mysql_intro.asp), make sure you sanity check all of your data (http://php.net/manual/en/function.mysql-real-escape-string.php) before you insert it into the database.

I would use a database as it makes it many times easier to analyse your data or even output in in a nice format on the page.

Answer by Andy for What's the easiest and safest way to record data being inputted by a user on a web site


By hackable, do you mean could someone damage your file? Or read it? Or...? If I wanted to do what you said, I'd do this:

    
 ...

It would be private in the sense that someone wouldn't know where to find it, and safe because I've used the htmlentities() function to remove any possible XSS.


Fatal error: Call to a member function getElementsByTagName() on a non-object in D:\XAMPP INSTALLASTION\xampp\htdocs\endunpratama9i\www-stackoverflow-info-proses.php on line 72

0 comments:

Post a Comment

Popular Posts

Powered by Blogger.