l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2004 Sep 13 17:37

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] secure form to ascii file?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] secure form to ascii file?

On Mon, Sep 13, 2004 at 03:05:21PM -0700, Lewis Perdue wrote:
> I need a web form that writes to a file in comma-delimited ascii with a 
> time/date stamp ...I know a lot of the perl scripts out there have holes 
> CGI exploit holes. Does anyone have a secure recommendation?

The kind of Perl-script exploits I still see are old form-to-mail scripts
being abused to send spam.  (Some complete moron sent me a couple of
"your paypal account needs updating" phish attempts via one recently.
Man, what an idiot! :^) )

Anyway, Perl should be fine, assuming you follow all the good rules pointed
out when people teach Perl-for-CGI-development.  PHP would do great for
this, too.

My one concern is how the permissions would be handled for the file you
wish the script to write to.  (Anyone here have recommendations?)

Beyond that, it'd be not much more than (in PHP):

  $fi = fopen("somefile.csv", "w");
  if ($fi !== FALSE)
    fprintf($fi, "$col1,$col2,$col3,$col4\n");

Though you'll probably want to clean up the data in the "$colN" variables
(e.g., to make sure they don't contain end-of-line ('\n') characters or
commas (',') to foul up the file)

As for a Perl version...  I can NEVER do Perl off the top of my head.
(Hence my constantly resorting to grep, sed and bash scripting for non-web
stuff, and PHP for web stuff. ;^) )

(Man, if only we had had MySQL and PHP back in the Smartwine days, Lew.
I woulda rocked 10x harder. :^)  'Course now I'm "out" of the web business.

Good luck!

bill@newbreedsoftware.com            Man, some trip this turned out to be.
http://www.newbreedsoftware.com/       All we caught is a tire, a boot,
New Breed Software                    a tin can and this book of cliches.

vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.