An HTML form, a PHP file and a text file.
The form has one input box; it sends the inputted string to the PHP file using GET or POST. The PHP file writes the string to the text file using fopen 'a', fwrite and fclose and does no sanitization at all.
The text file is set to permission 777 and is in the same folder as the other files.
Are there any security concerns here? Is it possible for someone to send something using the form that will do any damage? If yes, what?
What about if the txt file is set to 666?
Never execute
Depending on the use of this file, there shouldn’t be much risk involved. Just make sure the file is never executed.
This means, never eval() the content of this file, or change it into a .php or any other executable file.
However, if the content is ever to be written on a page, or viewable by the user, you will have security risks doing this.
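The setup described above with the two cases from the answer handled, as an added example that is not part of the original question or answer: the submission is appended as inert text, and it is escaped only when it is written into a page. The function names, the size cap and the temp-file path are assumptions, and the sample submissions are constructed.

```php
<?php
// Added example; append_entry(), render_entries() and MAX_ENTRY_BYTES are hypothetical names.

const MAX_ENTRY_BYTES = 1024; // assumed cap so one request cannot grow the file without bound

// Append one submission as a single line; the raw text is stored, never interpreted.
function append_entry(string $path, string $input): bool
{
    // Collapse CR/LF so one submission cannot forge extra lines in the file.
    $line = str_replace(["\r", "\n"], ' ', $input);
    $line = substr($line, 0, MAX_ENTRY_BYTES);
    // FILE_APPEND matches fopen 'a'; LOCK_EX serialises concurrent writers.
    return file_put_contents($path, $line . "\n", FILE_APPEND | LOCK_EX) !== false;
}

// Read the file back as data and escape every line at the point of HTML output.
function render_entries(string $path): string
{
    $html = "<ul>\n";
    $lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [];
    foreach ($lines as $line) {
        // ENT_SUBSTITUTE replaces invalid byte sequences instead of returning an empty string.
        $safe = htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= "  <li>{$safe}</li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed sample submissions, standing in for the form's GET/POST value.
$path = tempnam(sys_get_temp_dir(), 'entries_');
$samples = [
    'hello world',
    '<script>alert(1)</script>',
    '<?php echo "never runs"; ?>',
    "first line\nforged second line",
];
foreach ($samples as $s) {
    append_entry($path, $s);
}

// Every sample comes back as visible text: markup is entity-encoded, PHP tags are not run.
echo render_entries($path);
unlink($path);
```

The PHP tag in the third sample stays harmless only because the file is read with file() as data; passing the same path to include, require or eval() would execute it.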