[vox-tech] secure form to ascii file?

Bill Kendrick nbs at sonic.net
Mon Sep 13 17:23:12 PDT 2004


On Mon, Sep 13, 2004 at 03:05:21PM -0700, Lewis Perdue wrote:
> I need a web form that writes to a file in comma-delimited ascii with a 
> time/date stamp ...I know a lot of the perl scripts out there have holes 
> CGI exploit holes. Does anyone have a secure recommendation?

The kind of Perl-script exploits I still see are old form-to-mail scripts
being abused to send spam.  (Some complete moron sent me a couple of
"your paypal account needs updating" phish attempts via one recently.
Man, what an idiot! :^) )

Anyway, Perl should be fine, assuming you follow all the good rules pointed
out when people teach Perl-for-CGI-development.  PHP would do great for
this, too.

My one concern is how the permissions would be handled for the file you
wish the script to write to.  (Anyone here have recommendations?)

Beyond that, it'd be not much more than (in PHP):

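  // Append ("a") so each submission adds a row; "w" would truncate the file.
  $fi = fopen("somefile.csv", "a");
  if ($fi !== FALSE)
  {
    // Pass the row as an argument, not as the format string, so a '%'
    // in the form data is not interpreted as a conversion specifier.
    fprintf($fi, "%s\n", "$col1,$col2,$col3,$col4");
    fclose($fi);
  }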

Though you'll probably want to clean up the data in the "$colN" variables
(e.g., to make sure they don't contain end-of-line ('\n') characters or
commas (',') to foul up the file)

As for a Perl version...  I can NEVER do Perl off the top of my head.
(Hence my constantly resorting to grep, sed and bash scripting for non-web
stuff, and PHP for web stuff. ;^) )

(Man, if only we had had MySQL and PHP back in the Smartwine days, Lew.
I woulda rocked 10x harder. :^)  'Course now I'm "out" of the web business.
*Whew!*)

Good luck!

-bill!
bill at newbreedsoftware.com            Man, some trip this turned out to be.
http://www.newbreedsoftware.com/       All we caught is a tire, a boot,
New Breed Software                    a tin can and this book of cliches.
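
An added example, not part of the original post: a PHP handler that does the cleanup the message describes (no embedded newlines, commas safely quoted), adds the requested time/date stamp, and appends under a lock. The field names, the file path outside the web root, and the length limit are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

const CSV_PATH = '/var/lib/formdata/submissions.csv';  // assumed path, outside the web root
const FIELDS   = ['name', 'email', 'city', 'comment']; // hypothetical form fields
const MAX_LEN  = 500;                                  // assumed per-field cap (bytes)

/** Reduce one submitted value to a single-line, bounded string. */
function clean_field($value): string
{
    if (!is_string($value)) {              // e.g. name[]=x arrives as an array
        return '';
    }
    // Replace CR, LF and other control characters so one submission is one row.
    $value = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value) ?? '';
    $value = substr(trim($value), 0, MAX_LEN);
    // Neutralize values a spreadsheet would evaluate as a formula when opened.
    if ($value !== '' && strpbrk($value[0], '=+-@') !== false) {
        $value = "'" . $value;
    }
    return $value;
}

/** Append one timestamped row; fputcsv() quotes commas and double quotes. */
function append_row(string $path, array $post): bool
{
    $row = [date('Y-m-d H:i:s')];
    foreach (FIELDS as $name) {            // only expected fields, in fixed order
        $row[] = clean_field($post[$name] ?? '');
    }
    $fh = fopen($path, 'a');               // append, never truncate
    if ($fh === false) {
        return false;
    }
    $ok = false;
    if (flock($fh, LOCK_EX)) {             // serialize concurrent submissions
        // Empty escape character: quotes are doubled, no backslash escaping.
        $ok = fputcsv($fh, $row, ',', '"', '') !== false;
        fflush($fh);
        flock($fh, LOCK_UN);
    }
    fclose($fh);
    return $ok;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    http_response_code(append_row(CSV_PATH, $_POST) ? 200 : 500);
}
```

The file only needs to be writable by the account the web server runs as, and keeping it outside the document root means it cannot be fetched by URL.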


