Saving a form to the server

On May 13, 9:48 am, Dave Kelly <daveeke...@earthlink.netwrote:

There has to be a name for what I want to do and I don't know what words
to google for.

I have a form here:http://www.texasflyfishers.org/firstpage.htm

I want to submit it to the server and have it saved:
1. In a directory by the guides name which would be the variable
'describe11'. Create this directory if it does not already exist.
2. Create a special file name from the date and time submitted.

This form will be filled out by a bunch that are not very computer
literate, so I must automate everything for them.

I've been searching/googling for 3 weeks now with little to no success.
Can anyone help?

TIA
Dave
--
A little rum in the morning coffee. Just to clear the cobwebs, ya know.

At the moment, that website is down. Based on your description, I
think I can guess at what you need though.

When you submit a form to a PHP page, that PHP script can access the
data that's in the form through the $_REQUEST superglobal array. You
can be more specific and use either $_GET or $_POST, which correspond
to the method attribute on the HTML form tag. You most likely want to
use the POST method to keep the url looking clean. You can just use
$_REQUEST no matter what method you use. If you change you mind later,
you can just change the HTML form tag.

So here's an example of how to use your superglobals:

<?php // this is whatever.php
if( isset( $_REQUEST['submitBtn'] ) )
{
$name = $_REQUEST['name'];
$email = $_REQUEST['email'];

//do something with those variables...
}
?>
<html><head><title>myform</title></head><body>
<form id="myForm" method="post" action="whatever.php">
<label for="name">Name</label><br />
<input type="text" id="name" /><br /><br />

<label for="email">Email</label><br />
<input type="text" id="email" /><br /><br />

<input type="submit" id="submitBtn" value="submit" />
</form>
</body></html>

Now you have your data, and what you do next depends on what kind of
data it is. You should probably save it into a database. Databases are
designed to make it easier to store and retrieve data. If you don't
have access to a database, then it's ok to just use flat files as you
mentioned. The data is easier to store than retrieve with flat files.

Here's what you can do with those variables in the body of the
conditional (to save in files):

<?php
$baseDir = 'stuff';
if( !is_dir( "$baseDir/$describe11" ) )
mkdir( "$baseDir/$describe11" );
$filename = time()."|{$_REQUEST['name']}.dat";
file_put_contents( "$baseDir/$describe11/$fileName",
serialize( $_REQUEST ) );
?>

Let's assume you made $_REQUEST['name'] and $describe11 safe for the
file system. The above will put the form data into a file in /stuff/
<guide>/<time>|<name>.dat.

Here's another simple example to retrieve the data with another file:

<?php // read.php
$baseDir = 'stuff';
$guide = isset( $_REQUEST['guide'] )
? $_REQUEST['guide']
: 'defaultguide';

$stuff = dir( "$baseDir/$guide" );
while( false !== ( $item = $stuff->read() ) )
{
if( !preg_match( '#([0-9]+)\|(.*)\.dat#i', $item, $info ) )
continue;

$data = unserialize( file_get_contents( "$baseDir/$guide/$item" ) );

echo "Time: {$info[1]}<br />Name: {$info[2]}<br />Data:<br />",
str_replace( "\n", '<br />', str_replace( ' ', '&nbsp;',
$data ) ),
'<br /><br />';
}
?>

You would be able to list all submissions associated with a guide by
adding ?guide=<guidenameto the end of the url. You should make that
variable safe for the file system before using it, though.

-Mike PII

Mike P2 wrote:

On May 13, 9:48 am, Dave Kelly <daveeke...@earthlink.netwrote:

At the moment, that website is down. Based on your description, I
think I can guess at what you need though.

Thanks for the long and detailed response. Appreciate the help.
I can't comment until I wade through all you said.

About the site being down.
Your timestamp was 12:34, at 1:25 it was up. This happens quite a lot.
Even to me. Wish I knew why.

D

--
A little rum in the morning coffee. Just to clear the cobwebs, ya know.

Mike P2 wrote:

?>

Let's assume you made $_REQUEST['name'] and $describe11 safe for the
file system.
?>

You should make that

variable safe for the file system before using it, though.

To isolate a question. I have searched for make variable safe and this
is what I found. Is this what you intended by the above statements?

<?php //quote-smart.php
// Quote variable to make safe
function quote_smart($value) {
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not integer
if (!is_numeric($value) || $value[0] == '0') {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}
?>
--
A little rum in the morning coffee. Just to clear the cobwebs, ya know.

On May 13, 7:26 pm, Dave Kelly <daveeke...@earthlink.netwrote:

Mike P2 wrote:

?>

Let's assume you made $_REQUEST['name'] and $describe11 safe for the
file system.
?>

You should make that

variable safe for the file system before using it, though.

To isolate a question. I have searched for make variable safe and this
is what I found. Is this what you intended by the above statements?

<?php //quote-smart.php
// Quote variable to make safe
function quote_smart($value) {
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not integer
if (!is_numeric($value) || $value[0] == '0') {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;}

?>

--
A little rum in the morning coffee. Just to clear the cobwebs, ya know.

That function is for making data safe to insert it into the database.
What I meant was to strip out forward slashes and backslashes, because
otherwise they could put in a name that would make a file path that's
not where you want it to be.

If they put a slash in it, PHP might think it means the first part is
a folder.

-Mike PII

Mike P2 wrote:

On May 13, 7:26 pm, Dave Kelly <daveeke...@earthlink.netwrote:

>Mike P2 wrote:

>>?>
Let's assume you made $_REQUEST['name'] and $describe11 safe for the
file system.
?>

You should make that

>>variable safe for the file system before using it, though.

To isolate a question. I have searched for make variable safe and this
is what I found. Is this what you intended by the above statements?

<?php //quote-smart.php
// Quote variable to make safe
function quote_smart($value) {
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not integer
if (!is_numeric($value) || $value[0] == '0') {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;}

?>

--
A little rum in the morning coffee. Just to clear the cobwebs, ya know.

That function is for making data safe to insert it into the database.
What I meant was to strip out forward slashes and backslashes, because
otherwise they could put in a name that would make a file path that's
not where you want it to be.

If they put a slash in it, PHP might think it means the first part is
a folder.

-Mike PII

Does this not take care of that?

// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
--
A little rum in the morning coffee. Just to clear the cobwebs, ya know.

Dave Kelly wrote:

Mike P2 wrote:

>On May 13, 7:26 pm, Dave Kelly <daveeke...@earthlink.netwrote:

>>Mike P2 wrote:
?>
Let's assume you made $_REQUEST['name'] and $describe11 safe for the
file system.
?>
You should make that

variable safe for the file system before using it, though.
To isolate a question. I have searched for make variable safe and this
is what I found. Is this what you intended by the above statements?

<?php //quote-smart.php
// Quote variable to make safe
function quote_smart($value) {
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not integer
if (!is_numeric($value) || $value[0] == '0') {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;}

?>

--
A little rum in the morning coffee. Just to clear the cobwebs, ya know.

That function is for making data safe to insert it into the database.
What I meant was to strip out forward slashes and backslashes, because
otherwise they could put in a name that would make a file path that's
not where you want it to be.

If they put a slash in it, PHP might think it means the first part is
a folder.

-Mike PII

Does this not take care of that?

// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}

Nope, it only does it if get_magic_quotes_gpc returns true.

The basic rule of thumb about making data safe (at least for textual
representations) is use stripslashes on it anyway.

Granted, the rule of thumb is "make data safe/never trust user input."

--
-Lost
Remove the extra words to reply by e-mail. Don't e-mail me. I am
kidding. No I am not.

On May 13, 9:22 pm, Dave Kelly <daveeke...@earthlink.netwrote:

Mike P2 wrote:

On May 13, 7:26 pm, Dave Kelly <daveeke...@earthlink.netwrote:

Mike P2 wrote:
?>
Let's assume you made $_REQUEST['name'] and $describe11 safe for the
file system.
?>
You should make that

>variable safe for the file system before using it, though.
To isolate a question. I have searched for make variable safe and this
is what I found. Is this what you intended by the above statements?

<?php //quote-smart.php
// Quote variable to make safe
function quote_smart($value) {
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not integer
if (!is_numeric($value) || $value[0] == '0') {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;}

?>

--
A little rum in the morning coffee. Just to clear the cobwebs, ya know.

That function is for making data safe to insert it into the database.
What I meant was to strip out forward slashes and backslashes, because
otherwise they could put in a name that would make a file path that's
not where you want it to be.

If they put a slash in it, PHP might think it means the first part is
a folder.

-Mike PII

Does this not take care of that?

// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}

--

That's still related to apostrophes and the database. stripslashes()
replaces \' with ', which is supposed to undo addslashes() which does
the opposite.

What I'm talking about is something like this:

$var = str_replace( array( '/', '\\' ), '-', $var );

That should remove slashes that might confuse the file system into
thinking there's another folder there.

By the way, if you are inserting stuff into a MySQL database, you
should use the appropriate real_escape_string() function instead of
addslashes(). For example, if you are using the normal MySQL
extension, use the mysql_real_escape_string() function to escape crap
that can confuse MySQL. There's other stuff than just apostrophes and
backslashes that should be escaped for MySQL.

-Mike PII