Create another PHP file with PHP script

Question

I need to create a new .php file as MySQL connection configuration file. I have a listing like this:

$fileLocation = $_SERVER['DOCUMENT_ROOT'] . "/dbconnect.php";
file_put_contents($fileLocation,$content);
$content = "<?php $koneksi = mysql_connect('.$host.', '.$username.', '.$password.'); //open connection
if(! $koneksi ) //if fail
{
  die(\'Gagal Koneksi: \' . mysql_error());
}
echo \'Koneksi Berhasil\'; ?>";

I get the $username, $host, and $password from another file (containing form for the host, username, and password) using post method.

And I want to create the file in the root directory, I did that code and it doesn't work. I try fwrite and doesn't work too. I Google it but I'm not really understand what am I reading.

How should I do that?

I'm fairly confident that whatever problem you thought of solving in this way has a much much better way to be solved. — apokryfos, Aug 09 '16 at 09:23
What are you actually trying to do? Why does the user need to create a MySQL connection file on your server via a web form? There might be a simpler, safer way of achieving your goal. — BadHorsie, Aug 09 '16 at 09:47

score 0 · Answer 1 · answered Aug 09 '16 at 09:22

You need to pass the parameters as string:

mysql_connect("'.$host.'", "'.$username.'", "'.$password.'");

And yea, this looks like a X-Y Problem, which needs to be addressed, where your problem can be solved by better way than this.

Note: Do not use mysql_* functions, as they are deprecated and removed.

score 0 · Answer 2 · edited May 23 '17 at 11:44

I try fwrite and doesn't work

The problem is almost certainly directory permissions. Your PHP script does not have permission to write your file to the root directory that you mention.

However...

I want to create the file in the root directory

What you are currently trying to do looks like you are creating security risks. You are letting a user enter values in a form which are then injected into your script without any sanitisation whatsoever. You then write that file to the server. It's unclear if you mean the root directory of the server, or the root of the website.

MySQL Extension Warning

Since PHP 5.5, the MySQL extension and its functions are deprecated. You should, at a minimum, use the improved extension MySQLi.

Conclusion

Judging by your code, and self-proclaimed lack of understanding, I would advise that you don't take your current solution further right now. You are potentially opening up all sorts of security risks, not to mention there is almost certainly a better way to achieve your goal.

I would advise, at a minimum, you read up on the following before continuing:

And if you want to continue, you may find help in this similar question:

Writing PHP file not working

I mean, the root folder of my app. Because the file which create the new file is in /myapp/install/. I want to locate the new file in /myapp/ — kucing, Aug 09 '16 at 09:40
@kucing Yes, I understand, and if the file is not being written to the server, it probably means that the directory permissions of `myapp/install` are not set to allow the web server to write the file. But please explain what you are trying to achieve because it doesn't look sensible or correct. — BadHorsie, Aug 09 '16 at 09:50

Poiz · Answer 3 · 2016-08-09T10:24:26.200

You shouldn't do file_put_contents($fileLocation, $content) just before you created $content because $content wouldn't have existed before then... That is somehow clearly self-explanatory. Your code should have read something like this:

<?php

    // LET US ASSUME YOU ARE GETTING YOUR DB-CONNECTION DATA FROM ANY SOURCE AT ALL
    // AND THE DATA ARE AS FOLLOWS: $host, $username, $password;
    // SO THAT WE HAVE SOMETHING LIKE — 
    $host           = "localhost";
    $username       = "user";
    $password       = "pass";

    // IF YOU WANT THE FILE TO BE LOCATED IN /myapp DIRECTORY
    // THEN GO UP ONE DIRECTORY ABOVE THE CURRENT DIRECTORY: /myapp/install 
    $fileLocation   = __DIR__ . "/../dbconnect.php";

    // FIRST BUILD YOUR CONTENT... ALSO REMEMBER TO ADD NEW LINES & TABS...
    $content        = "<?php\n\n\t\$koneksi = mysql_connect('{$host}', '{$username}', '{$password}');";

    // NOW; CHECK IF THE FILE IN QUESTION EXISTS OR NOT 
    // SO YOU DON'T HAVE TO RECREATE IT EACH TIME THIS SCRIPT RUNS...
    if(!file_exists($fileLocation)){
        file_put_contents($fileLocation, $content);
    }

    // REMEMBER TO INCLUDE THE DB-CONNECTION FILE YOU JUST CREATED IN THE CURRENT SCRIPT
    // OTHERWISE IT WILL NOT BE AVAILABLE TO YOUR SCRIPT... ;-)
    require_once $fileLocation;

    if(! $koneksi ){
        die('Gagal Koneksi: ' . mysql_error());
    }
    echo 'Koneksi Berhasil';

EFFECTIVELY:

<?php

    $fileLocation   = __DIR__ . "/../dbconnect.php";
    $content        = "<?php\n\n\t\$koneksi = mysql_connect('{$host}', '{$username}', '{$password}');";
    if(!file_exists($fileLocation)){
        file_put_contents($fileLocation, $content);
    }

    require_once $fileLocation;

    if(! $koneksi ){
        die('Gagal Koneksi: ' . mysql_error());
    }
    echo 'Koneksi Berhasil';

Create another PHP file with PHP script

3 Answers3