Member Avatar for kanaku

I'm using an html form to add to a list, specifically a flatfile database called demo3.txt. The add.php file is this:

<?php

$name = $_POST['name'];
$nickname = $_POST['nickname'];
$motto = $_POST['motto'];

$fp = fopen("demo3.txt","a");

if(!$fp) {
    echo 'Error: Cannot open file.';
    exit;
}

fwrite($fp, "\r\n".$name."|".$nickname."|".$motto);


echo 'The data has been added to the database. <a href="form.html">Add more?</a>';

fclose($fp);
?>

The form code looks like this:

<form action="add.php" method="post">
<label>Member name:</label><input type="text" name="name" size="20"><br>
<label>Nickname:</label><input type="text" name="nickname" size="20"><br>
<label>Motto:</label><textarea name="motto" rows="5" cols="50"></textarea><br>
<input type="submit" value="Add to List"> <input type="reset" value="Clear Form">
</form>

I haven't uploaded the codes to the site yet because I was thinking that people might be able to access the form.html page and they might mess up the flatfile database. Is there anything I can do to secure the form.html page so that only people with a password can access it?

For example, if I want to set-up an admin login page, how do I code that with php? Do I need to work with a MySQL database? If there's a way to do it without using MySQL, I'd really appreciate it.

Thanks to people who'll help, if the question isn't clear, please tell me so I could clear things up, I'd really appreciate help on this. Thanks!

  • 3 Contributors
  • 3 Replies
  • 97 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by kanaku
Member Avatar for Rhyan

I'm using an html form to add to a list, specifically a flatfile database called demo3.txt. The add.php file is this:

<?php

$name = $_POST['name'];
$nickname = $_POST['nickname'];
$motto = $_POST['motto'];

$fp = fopen("demo3.txt","a");

if(!$fp) {
    echo 'Error: Cannot open file.';
    exit;
}

fwrite($fp, "\r\n".$name."|".$nickname."|".$motto);


echo 'The data has been added to the database. <a href="form.html">Add more?</a>';

fclose($fp);
?>

The form code looks like this:

<form action="add.php" method="post">
<label>Member name:</label><input type="text" name="name" size="20"><br>
<label>Nickname:</label><input type="text" name="nickname" size="20"><br>
<label>Motto:</label><textarea name="motto" rows="5" cols="50"></textarea><br>
<input type="submit" value="Add to List"> <input type="reset" value="Clear Form">
</form>

I haven't uploaded the codes to the site yet because I was thinking that people might be able to access the form.html page and they might mess up the flatfile database. Is there anything I can do to secure the form.html page so that only people with a password can access it?

For example, if I want to set-up an admin login page, how do I code that with php? Do I need to work with a MySQL database? If there's a way to do it without using MySQL, I'd really appreciate it.

Thanks to people who'll help, if the question isn't clear, please tell me so I could clear things up, I'd really appreciate help on this. Thanks!

Normally if you try to access the anypage.php via http, where the php engine is working on the server, the PHP code gets parsed and does not print in the html source. So if you're worried if it can be easily read using the browser...if everything is OK, it should not be that easy.

Still if you want to create a simple mechanism for securing a directory in the webserver, then you can read the help on your server. About Apache services, stick to instructions how to use .htaccess files to protect directory contents.

If you need advanced login page, where multiple users will register, login, etc. - You should use a database of some sort, like MySQL for example.

Member Avatar for Phaelax

If you're the only one that needs access, I'd say put the file in a separate directory and use an htaccess file.

Member Avatar for kanaku

If you're the only one that needs access, I'd say put the file in a separate directory and use an htaccess file.

OK. Thanks, I think this is the one I need. :cheesy:

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.