HTML, XHTML and CSS All-In-One for Dummies - Andy Harris [229]
You can implement a very simple form of CAPTCHA by converting your form to a PHP page. Create a simple math problem and store the answer in a session variable. Ask the user to solve the problem and submit the response as part of the form. Have your program check the user’s answer against the session.
Although this will not prevent a concerted attack, it is good enough for basic protection.
When the user enters contact data into this form, it will be passed to a program that reads the data, prints out a response, and stores the information in a text file. The output of the program is shown in Figure 6-2.
Figure 6-2: This program has responded to the file input.
The more interesting behavior of the program is not visible to the user. The program opens a file for output and prints the contents of the form to the end of that file. Here are the contents of the data file after a few entries:
first: Andy
last: Harris
email: andy@aharrisbooks.net
phone: 111-1111
first: Bill
last: Gates
email: bill@Microsoft.com
phone: 222-2222
first: Steve
last: Jobs
email: steve@apple.com
phone: 333-3333
first: Linus
last: Torvalds
email: linus@linux.org
phone: 444-4444
The program to handle this input is not complicated. It essentially grabs data from the form, opens up a data file for output, and appends that data to anything already in the file. Here’s the code for addContact.php:
<link rel = "stylesheet"
type = "text/css"
href = "contact.css" />
<?php
//read data from form
$lName = $_REQUEST["lName"];
$fName = $_REQUEST["fName"];
$email = $_REQUEST["email"];
$phone = $_REQUEST["phone"];
//print form results to user
print <<< HERE
Thanks!
Your spam will be arriving shortly.
first name: $fName
last name: $lName
email: $email
phone: $phone
HERE;
//generate output for text file
$output = <<< HERE
first: $fName
last: $lName
email: $email
phone: $phone
HERE;
//open file for output
$fp = fopen("contacts.txt", "a");
//write to the file
fwrite($fp, $output);
fclose($fp);
?>
The process is straightforward:
1. Read data from the incoming form.
Just use the $_REQUEST mechanism to read variables from the form.
2. Report what you’re doing.
Let users know that something happened. As a minimum, report the contents of the data and tell them that their data has been saved. This is important because the file manipulation will be invisible to the user.
3. Create a variable for output.
In this simple example, I print nearly the same values to the text file that I reported to the user. The text file does not have HTML formatting because it’s intended to be read with a plain text editor.
4. Open the file in append mode.
You might have hundreds of entries. Using append mode ensures that each entry goes at the end of the file, rather than overwriting the previous contents.
5. Write the data to the file.
Using the fwrite() or fputs() function writes the data to the file.
6. Close the file.
Don’t forget to close the file with the fclose() function.
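A hardened variant of addContact.php, added here as an example and not taken from the book: it escapes the values echoed back to the browser, strips line breaks so one submission cannot add extra lines to the data file, and reports a failed write. The cleanField() and h() helpers, the 200-byte limit, the use of $_POST and the ../data/ location are assumptions of this example.

```php
<?php
// Added example: hardened variant of addContact.php (not the book's code).
// Assumptions: the form uses method="post"; cleanField(), h(), the
// 200-byte limit and the ../data/ location are illustrative choices.

// Keep the data file outside the web root so it cannot be fetched by URL.
const DATA_FILE = __DIR__ . "/../data/contacts.txt";

// Return one form field as a single line of bounded length.
function cleanField(string $name, int $maxLen = 200): string {
    $value = $_POST[$name] ?? "";
    if (!is_string($value)) {   // a field sent as fName[] arrives as an array
        return "";
    }
    // Replace CR, LF and other control characters so a value cannot
    // start a new "first:" or "email:" line in the data file.
    $value = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value);
    return substr(trim($value), 0, $maxLen);
}

// Escape a value for HTML at the point of output only.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
}

$fName = cleanField("fName");
$lName = cleanField("lName");
$email = cleanField("email");
$phone = cleanField("phone");

// The file keeps plain text, one "label: value" line per field.
$output = "first: $fName\nlast: $lName\nemail: $email\nphone: $phone\n";

// Append under an exclusive lock so simultaneous submissions cannot
// interleave, and report a failed write instead of claiming success.
if (file_put_contents(DATA_FILE, $output, FILE_APPEND | LOCK_EX) === false) {
    http_response_code(500);
    exit("Sorry, your data could not be saved.");
}

print "<h1>Thanks!</h1>\n<p>\n"
    . "first name: " . h($fName) . "<br />\n"
    . "last name: " . h($lName) . "<br />\n"
    . "email: " . h($email) . "<br />\n"
    . "phone: " . h($phone) . "\n</p>\n";
```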
The file extension you use implies a lot about how the data is stored. If you store data in a file with a .txt extension, the user will assume it can be read by a plain text editor. The .dat extension implies some kind of formatted data, and .csv implies comma-separated values (explained later in this chapter). You can use any extension you want, but be aware you will confuse the user if you give a text file an extension like .pdf or .doc.
A note about file permissions
Your programs will be loading and storing files, so you need to know