Updating PHP inc file with form [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.

---

开发者_如何转开发

Want to improve this question? Add details and clarify the problem by editing this post.

Closed 9 years ago.

Improve this question

I have an inc file that contains 4 MySQL database variables - hostname, database, username and password. These inc file is included in other php files to execute database queries.

What I would like to do is to create a form that can update this inc file so the MySQL variables can be changed. As a real novice I am not sure how to approach this, so any help is greatly appreciated.

Thank you very much.

---

You have to be very careful doing things like this, more often than not it allows people to hack and/or break your application.

What you need to do is simply overwrite your file with the new values - how you collect those values is up to you.

Lets assume that you're collecting the values through a POST form submission from a web page, you could do something like this:

<?php

  // Create the new file contents
  // Be careful not to add any extra leading/trailing whitespace before or after
  // the opening and closing tags!
  $newFileContents = "<?php

  \$mysqlHostName = '{$_POST['newhost']}';
  \$mysqlDBName = '{$_POST['newdb']}';
  \$mysqlUserName = '{$_POST['newuser']}';
  \$mysqlPassword = '{$_POST['newpass']}';
";

  // Overwrite your file
  file_put_contents('mysqlconfig.php',$newFileContents);

Hopefully that should get you started, but you will still need to do a lot of work, such as sanitizing the input, possibly testing whether the new details work before you overwrite your config file, including you config file afterwards to ensure that it works, etc etc.

---

Take a look at http://se.php.net/manual/en/function.fopen.php

http://se.php.net/manual/en/function.fwrite.php

http://se.php.net/manual/en/function.fclose.php

You could also use http://se.php.net/manual/en/function.file-put-contents.php instead.

You also need to chmod the file you want to change.

However I agree with Jon Stirling and you should rather just go in to the code and edit the few variables rather then this. It is potential for security holes indeed.

---

Your form HTML might look something like this:

<html>
  <head>
  </head>
  <body>
    <form action="update_mysql_vars.php" method="post">
      Hostname <input name="hostname" /><br />
      Database <input name="database" /><br />
      Username <input name="username" /><br />
      Password <input name="passowrd" /><br />
    </form>
  </body>
</html>

And your update_mysql_vars.php script might look something like this:

<?php
  $h = fopen("/path/to/inc/file.inc", "w");
  write
  (
    $h,
    "<?php\n" .
    "\$hostname = " . $_POST["hostname"] . ";\n" .
    "\$database = " . $_POST["database"] . ";\n" .
    "\$username = " . $_POST["username"] . ";\n" .
    "\$password = " . $_POST["password"] . ";\n" .
    "?>"
  );
  fclose($h);
?>

Obviously you'd need to add error checking, input checking and ensure the update script could only be accessed by those that actually have the right to change the database access variables!