writing text files error

foid025

Hi. I have a code that attempts to write a text file with the contents being provided from a form.

The code is as follows:

//write the document
$doc = "userFiles/" . $fid . ".txt";
echo $document;
$handle = fopen($doc, 'a');
fwrite($handle, stripslashes($document));
fclose($handle);

The file is created as it should be, but after displaying the contents ($document), some HTML is also displayed.

For instance if I write as $document "this is a Test" with the file name being "Test", I get this as the file:

This is a test.

<html>

<head>
	<title>Test</title>
</head>

<body>
</body>

</html>

Any ideas? Thanks

bradgrafelman

How is $document being set? Have you tried using the 'w' flag for the fopen() call to overwrite the previous contents of the file?

foid025

It's being set through a normal HTML form, accessed through $_POST. Yeah I've tried 'w', among others...

bradgrafelman

You'll have to show us more of the code... where that variable is set, etc. etc.

foid025

The form:

<form onSubmit=return validForm(this) action=mUploadAction.php?method=copy method=post enctype=multipart/form-data>
						<input type=hidden name=MAX_FILE_SIZE value=20000000 />
						<table><tr>
							<td>
								<table>
									<tr><td align=right>file name <a href=questionMarks.php?qid=1 onclick=return popitup('questionMarks.php?qid=1')>?</a>:</td><td>&nbsp;</td><td><input size=25 type=text name=name></td></tr>
									<tr><td align=right>description (optional) <a href=questionMarks.php?qid=3 onclick=return popitup('questionMarks.php?qid=3')>?</a>:</td><td>&nbsp;</td><td><textarea name=description valign=top rows=3 cols=20></textarea></td></tr>
									<tr><td align=right><b>document:</b></td><td>&nbsp;</td><td><textarea name=document valign=top rows=15 cols=58></textarea></td></tr>
									<tr><td  align=right><input type=checkbox name=makePublic value=yes></td><td>&nbsp;</td><td>put a copy in the public folder</td></tr>
									<tr><td colspan=3>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit value=Submit   (I accept the terms)></td></tr>
								</table>
							</td>
						</tr></table>
					</form>

some relevant php stuff:

	//file variables
	$name = $_POST["name"];
	$uemail = $_POST["uemail"];
	$uname = $_POST["uname"];
	$password = $_POST["password"];
	$description = $_POST["description"];
	$document = $_POST["document"];
	$rememberMe = $_POST["rememberMe"];
	$sendEmail = $_POST["sendEmail"];

createFile($name, $uemail, $uname, $security, $document, $description);

function createFile($name, $uemail, $uname, $security, $document, $description)
	{
		 $date = date("n / j / y");

	 // Save the file to the db
	$link = mysql_connect('***', ***, ***) or die('Could not connect: ' . mysql_error());
	mysql_select_db('efamz') or die('Could not select database');
	$query = "INSERT INTO files VALUES ('', '$name', 'plain text', '$uname', '$uemail', '$security', '$date', '$description', '', '')";
	$result = mysql_query($query, $link) or die('Query failed: ' . mysql_error());

	// Find the unique 
	$query = "SELECT * FROM files WHERE name = '$name'";
	$result = mysql_query($query, $link) or die('Query failed: ' . mysql_error());
	while ($row = mysql_fetch_object($result)) 
	{
		$fid= $row->fid;
	} 

	mysql_close($link);		//close db

	//write the document
	$doc = "userFiles/" . $fid . ".txt";
	$handle = fopen($doc, 'a');
    fwrite($handle, stripslashes($document));
    fclose($handle);

    echo "success!";
}

foid025

I was wondering if it might not have something to do with the text document being opened by the browser, like the browser might be adding the html in. This seems to not be the case though cause when I save the text file and open it with an editor, I still get the html... Not sure what's going on really.

bradgrafelman

It might be the invalid HTML syntax. Try adding quotes around all values in the HTML tags, for example:

<textarea name="document" valign="top" rows="15" cols="58"></textarea>

foid025

nope that didn't do it :S

weird problem eh!

bradgrafelman

Out of curiousity, what if you change the name of the textarea (and the $_POST[] reference in the PHP, of course) to something else?

Also, just as a suggestion, you could change all of this code:

        // Find the unique 
        $query = "SELECT * FROM files WHERE name = '$name'"; 
        $result = mysql_query($query, $link) or die('Query failed: ' . mysql_error()); 
        while ($row = mysql_fetch_object($result)) 
        { 
            $fid= $row->fid; 
        }

to this:

$fid = mysql_insert_id();