How to use file_put_contents function in PHP-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

How to use file_put_contents function in PHP

php中世界最好的语言

Apr 11, 2018 am 10:02 AM

filephp

This time I will show you how to use the file_put_contents function in PHP. What are the precautions when using the file_put_contents function in PHP? Here are practical cases, let’s take a look.

Recently, I encountered a question on File Upload on EIS. I found that filtering

Let’s take a look at the official website definition of the second parameter data of the file_put_contents function:

data
要写入的数据。类型可以是 string，array 或者是 stream 资源（如上面所说的那样）。
 
如果 data 指定为 stream 资源，这里 stream 中所保存的缓存数据将被写入到指定文件中，这种用法就相似于使用 stream_copy_to_stream() 函数。
 
参数 data 可以是数组（但不能为多维数组），这就相当于 file_put_contents($filename, join('', $array))。

As you can see, the data parameter can be an array, which will be automatically join('',$array)converted into a string

When this function accesses files, it follows the following rules:

If FILE_USE_INCLUDE_PATH is set, then the built-in path for a copy of *filename* will be checked
If the file does not exist, a file will be created
Open the file
If LOCK_EX is set, the file will be locked
If FILE_APPEND is set, it will be moved to the end of the file. Otherwise, the contents of the file will be cleared
Write data to the file
Close the file and unlock all files
If successful, this function returns the number of characters written to the file. On failure, False is returned.

But our string filtering function generally uses the preg_match function to filter, such as:

if(preg_match('/\',$data)){
 die('hack');
}

We know that many functions that process strings will return NULL if an array is passed in, such as strcmp, strlen, md5, etc. But the preg_match function returns false if an error occurs. Here we can pass var_dump(preg_match('/' ,$data)); To verify, in this case, the regular filtering of preg_match will be invalid

Therefore, I guess the file upload code is written like this

<?php  
 
if(isset($_POST[&#39;content&#39;]) && isset($_POST[&#39;ext&#39;])){
 $data = $_POST[&#39;content&#39;];
 $ext = $_POST[&#39;ext&#39;];
 
 //var_dump(preg_match(&#39;/\</&#39;,$data));
 if(preg_match(&#39;/\</&#39;,$data)){
  die(&#39;hack&#39;);
 }
 $filename = time();
 file_put_contents($filename.$ext, $data);
}
 
?>

So we can pass in content[]=<?php phpinfo();?>&ext=php to bypass

Repair method

The fix is to use the fwrite function to replace the dangerous file_put_contents function. The fwrite function can only pass in strings. If it is an array, it will error and return false

<?php  
 
if(isset($_POST[&#39;content&#39;]) && isset($_POST[&#39;ext&#39;])){
 $data = $_POST[&#39;content&#39;];
 $ext = $_POST[&#39;ext&#39;];
 
 //var_dump(preg_match(&#39;/\</&#39;,$data));
 if(preg_match(&#39;/\</&#39;,$data)){
  die(&#39;hack&#39;);
 }
 $filename = time();
 // file_put_contents($filename.$ext, $data);
 $f = fopen($filename.$ext);
 var_dump(fwrite($f,$data));
}
 
?>

I believe you have mastered the method after reading the case in this article. More exciting Please pay attention to other related articles on php Chinese website!

Recommended reading:

The above is the detailed content of How to use file_put_contents function in PHP. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

What is the best way to send an email using PHP?May 08, 2025 am 12:21 AM

ThebestapproachforsendingemailsinPHPisusingthePHPMailerlibraryduetoitsreliability,featurerichness,andeaseofuse.PHPMailersupportsSMTP,providesdetailederrorhandling,allowssendingHTMLandplaintextemails,supportsattachments,andenhancessecurity.Foroptimalu

Best Practices for Dependency Injection in PHPMay 08, 2025 am 12:21 AM

The reason for using Dependency Injection (DI) is that it promotes loose coupling, testability, and maintainability of the code. 1) Use constructor to inject dependencies, 2) Avoid using service locators, 3) Use dependency injection containers to manage dependencies, 4) Improve testability through injecting dependencies, 5) Avoid over-injection dependencies, 6) Consider the impact of DI on performance.

PHP performance tuning tips and tricksMay 08, 2025 am 12:20 AM

PHPperformancetuningiscrucialbecauseitenhancesspeedandefficiency,whicharevitalforwebapplications.1)CachingwithAPCureducesdatabaseloadandimprovesresponsetimes.2)Optimizingdatabasequeriesbyselectingnecessarycolumnsandusingindexingspeedsupdataretrieval.

PHP Email Security: Best Practices for Sending EmailsMay 08, 2025 am 12:16 AM

ThebestpracticesforsendingemailssecurelyinPHPinclude:1)UsingsecureconfigurationswithSMTPandSTARTTLSencryption,2)Validatingandsanitizinginputstopreventinjectionattacks,3)EncryptingsensitivedatawithinemailsusingOpenSSL,4)Properlyhandlingemailheaderstoa

How do you optimize PHP applications for performance?May 08, 2025 am 12:08 AM

TooptimizePHPapplicationsforperformance,usecaching,databaseoptimization,opcodecaching,andserverconfiguration.1)ImplementcachingwithAPCutoreducedatafetchtimes.2)Optimizedatabasesbyindexing,balancingreadandwriteoperations.3)EnableOPcachetoavoidrecompil

What is dependency injection in PHP?May 07, 2025 pm 03:09 PM

DependencyinjectioninPHPisadesignpatternthatenhancesflexibility,testability,andmaintainabilitybyprovidingexternaldependenciestoclasses.Itallowsforloosecoupling,easiertestingthroughmocking,andmodulardesign,butrequirescarefulstructuringtoavoidover-inje

Best PHP Performance Optimization TechniquesMay 07, 2025 pm 03:05 PM

PHP performance optimization can be achieved through the following steps: 1) use require_once or include_once on the top of the script to reduce the number of file loads; 2) use preprocessing statements and batch processing to reduce the number of database queries; 3) configure OPcache for opcode cache; 4) enable and configure PHP-FPM optimization process management; 5) use CDN to distribute static resources; 6) use Xdebug or Blackfire for code performance analysis; 7) select efficient data structures such as arrays; 8) write modular code for optimization execution.

PHP Performance Optimization: Using Opcode CachingMay 07, 2025 pm 02:49 PM

OpcodecachingsignificantlyimprovesPHPperformancebycachingcompiledcode,reducingserverloadandresponsetimes.1)ItstorescompiledPHPcodeinmemory,bypassingparsingandcompiling.2)UseOPcachebysettingparametersinphp.ini,likememoryconsumptionandscriptlimits.3)Ad

See all articles