safe from web folder

Tali

Hi,
I already got help from djjjozsi regarding saving email addresses from a form to txt file, but understand it's not very safe.

 if(isset($_POST["email"]))
file_put_contents("emails.txt" , htmlspecialchars($_POST["email"]) . "\n\r" , FILE_APPEND  );

How to add "safe from web" folder or insert to table in a database?

Thank you in advance

Tali

ixalmida

// MySQL safety only...
$db_safe_email = mysql_real_escape_string($_POST['email']);

// Or do email address validation (should be db-safe by default):

// If you have PHP 5.2+...
$validated_email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);

// NOTE:  If you are using PHP < 5.2, then you would use a regular expression
// to validate the email address.  There are too versions to count posted
// on the web, so find one that works for you.

Ashley_Sheridan

Are you trying to make your own site safe from exploits, or keep the file safe from prying eyes? If it's the former, then ixalmida's solution will work on a PHP5 enabled server.

If you're trying to keep the file safe from prying eyes, then I'd suggest a couple of things you could do. Put the file on it's own in a directory, which you can then secure with an .htaccess file (assuming you're using Linux).

Also, assuming that PHP is creating this file, give it 770 permissions, which should protect anonymous people from viewing it should the .htaccess password protection fail for any reason.