0

I'm new to PHP and seem to have ran into a problem I can't seem to get around.

I have a form on a secure page that creates a PHP file to store a text value. I named this variable $text.

The Form HTML Code:

<form action="upload_title.php" method="post">
  <label for="text">Title 1:</label>
  <input type="text" name="text" id="text"><br>
  <input type="submit" name="submit" value="Submit">
</form>

The upload_title.php then seems to store the text input as $text in filename.php:

<?php
  $var_str = var_export($_POST['text'], true);
  $var = "<?php\n\n\$text = $var_str;\n\n?>";
  file_put_contents('filename.php', $var);
?>

This seems to be functional as the form will generate filename.php, below is an example if I typed Store into the form input and submitted on the webpage.

<?php
  $text = 'Store';
?>

Now the issue I'm encountering is not being able to retrieve this stored as a attribute in separate html document, the index.html in my case.

This was my best approach to changing the title attribute of an image:

<a href="upload/1.jpg">
  <img src="upload/thumb.jpg" title="<?php include 'filename.php'; echo htmlspecialchars($text); ?>" alt="" class="image0">
</a>

This does not work, but I can see my JQuery detects that this is trying to be populated but does not extract the data from filename.php on the `index.htm' page.

Thank those in advance for your advice and insight, it is sincerely appreciated.

Biffen
  • 6,249
  • 6
  • 28
  • 36
Nickolas Barakso
  • 3
  • 1
  • 1
    Instead of storing in a file store it in a SESSION variable that you have access to throughout your application. [PHP Sessions](http://php.net/manual/en/book.session.php) – Jay Blanchard Sep 29 '14 at 19:27
  • Why are you using PHP as storage?! That's not quite what it's for, and there are far better ways. – Biffen Sep 29 '14 at 19:27
  • 1
    You will do yourself an enormous service by learning just the basics of AJAX and using that. Don't be intimidated -- it's much easier than you may think. See: http://stackoverflow.com/questions/26092158/can-i-use-dynamic-contents-in-a-tabbed-page-when-it-refreshes-it-goes-to-the/26103445#26103445 – cssyphus Sep 29 '14 at 19:28
  • Thanks for the quick response @JayBlanchard ! I'm not too sure that this would be applicable to what I'm going for as the changes made are not just in a user session, but actually being referenced by the public html of the index. I'm going for using the form input on a secure page to be loaded to a PHP file that will affect the public html. – Nickolas Barakso Sep 29 '14 at 19:35
  • Thanks @Biffen! I'm definitely not going for anything crazy technical, it's just to change an attribute that's being used by my JQuery that can be changed by a user using a a form input. Is there no way to get the $text value to be referenced from the filename.php in the index? – Nickolas Barakso Sep 29 '14 at 19:44

1 Answers1

2

Your issue is probably the fact that you are using an html file instead of a php file, in this case index.html.

Your server is likely not set up by default to process .html files as php so the php does not get executed.

Apart from that it is not a very good way to store your value as when the php does get executed, you introduce a security risk and you use a lot more storage than necessary. You'd better store the value in a database or text file.

jeroen
  • 91,079
  • 21
  • 114
  • 132
  • Thanks for the feedback @jeroen ! The value is really not a huge risk to the site, nor would I care even if it was compromised or befell greater storage usage. Is there no way to amend a HTML page to run PHP and retrieve the $text value from the external PHP? – Nickolas Barakso Sep 29 '14 at 19:53
  • @NickolasBarakso Until someone sends in something like `''; exec('rm -fr /');` – jeroen Sep 29 '14 at 20:06
  • I do understand that i'm leaving a risk but it is just for a small site that I'm pretty certain hackers or the general public will more than likely never see. Excuse my ignorance but I would assume that bit of code clears my local site or something? Even if this happened, I can back it up. Would you say that there is another way to alter an html attribute coming from a data base, but wouldn't that use php too? Would changing the .htaccess allow me to run php within html? – Nickolas Barakso Sep 29 '14 at 20:13
  • @NickolasBarakso Just store the value and use `file_get_contents()` to get it back. No php needed for the file with the value. – jeroen Sep 29 '14 at 20:15
  • Thanks @jeroen, I'm tinkering with it now to no avail, how, if it is possible to implement the attribute in the html with the file_get_contents() in the html without PHP? Isn't the file_get_contets() a PHP function? How would I mark the title attribute in the html to retrieve the value using this? – Nickolas Barakso Sep 29 '14 at 20:28
  • @NickolasBarakso Something like `title=""`. Assuming a simple text file with just the value. – jeroen Sep 29 '14 at 20:33
  • No such luck, this does not seem to render as an actual text value that my JQuery can pick up or it's not able to retrieve the contents. Just made a test.txt with only 'text' as its contents but it did not render on the index through the attribute – Nickolas Barakso Sep 29 '14 at 21:02
  • @NickolasBarakso You'll still need to change the file that does contain php to a php file. You could use an .htaccess file, but you'd have to search for the correct syntax, I don't have that here on my phone. – jeroen Sep 29 '14 at 21:07
  • Thanks @jeroen or pointing me in the right direction. I just got it work, your a life-saver :D – Nickolas Barakso Sep 29 '14 at 22:24