I need to write a lot of data into a file while almost at the same time (at least at the time file is still opened by fopen()) user's browser needs to access it.
I found it's impossible until fclose() or end of the script.
Is there any way to make it possible?
Perhaps its better to store the data in memory, or work with a temporary file. Then write to the master file at designated points rather then holding open the file for the entire execution of the script.
An option would be to send the file's mimetype to the user (text/plain for example), and echo the current file contents. After that you write both to the file and the output, so that the output to the user will mimic the file.
Related
So I have a gaming server that automatically sends the amount of online players to a .php file that updates a .txt file to the current amount of players every minute.
However, when I try to write the contents of the .txt file into my website, it doesn't read the .txt file at all. The .txt just contains 1 number.
Example:
players.txt contains one number, that number is 11 (for players online).
<h5> Come play with <?php echo file_get_contents("players.txt");?> other players</h5>
The outcome is "Come play with other players".
It reads the file but assumes it's empty. Server would throw an error in case file not existed or it couldn't be opened because of permissions or other reasons.
Try this:
1. Echo random string ex. <?php echo '12' ?>
2. Create another file for ex. players1.txt with random number and get it's contents the same way ex. <?php echo file_get_contents('players1.txt'); ?>
I'm not a great web developer but a .txt file shouldn't be this hard to read, especially when it's 1 number.
This is subjective to the fact you know it's a txt file and you know it should contain a number, the issue you're encountering is probably logical rather than subjective. It could be an image file or a .dat file, if a process is writing to the file that file could be locked so other processes can not read the file, or the reader is denied access due to ownership, regardless of the file type or contents.
What does your PHP error log say?
Check the file has the correct group/owner permissions and update them as required.
Have you been clearing your static PHP cache to keep any retrieved values up to date?
Are you writing to the file with correct locking?
Using a Database is far, far more efficient and performant to using a filesystem to track this sort of data.
If you're using Unity be aware that it's local file and online security provisions are absolutely appauling, not saying this is an issue for you specifically, but just as a general proviso, limit accessability as much as possible. Always clean your data.
$valueToPlaceIntoFile = (int)$_POST['playerCounter'];
I want to be able to upload a CSV file to a Webpage, and then have PHP store that information to a array and do stuff with it WITHOUT saving the CSV file to the server. How is that possible?
Looking into it, there's the normal GET and POST, which upload the file to the server. There's also PUT, but it looks like it just saves on top of an already existing file on the server.
And from the looks of the process to extract data from a CSV, PHP needs to know the location of the file.
Is it possible to just have the PHP work with the CSV file without saving it to the server somewhere? That way I don't have to worry about security issues with uploading files to a server. I don't need to hold onto the CSV data afterwords, just manipulate it in the current session.
When a file is uploaded to the server from a form, the file is stored temporarily ( $_FILES['someinputname']['tmp_name'] ) . No one says you have to do anything with this file before you can use it. You can read directly from the temporary path and forget about it. This, of course, does not leave you free from harm. Validating the file type is what you expect and not of malicious nature MUST be done before doing anything with a file you don't trust.
No lazy way around being safe.
CSV is just a text file. So you can read the file using javascript from client side and get the text from the file.
Javascript - read local text file
And then send the text to server and then work with it.
An HTML form, a php file and a text file.
The form has one input box, it sends the inputted string to the PHP file using GET or POST. The PHP file writes the string to the text file using fopen 'a', fwrite and fclose and does no sanitization at all.
The text file is set to permission 777 and is in the same folder as the other files.
Are there any security concerns here? Is it possible for someone to send something using the form that will do any damage? If yes, what?
What about if the txt file is set to 666?
Never execute
Depending on what the use of this file, there shouldn't be much risk involved. Just make sure the file is never executed.
This means, never eval() the content of this file, or change it into a .php or any other executable file.
However, if the content is ever to be written on a page, or viewable by the user, you will have security risks doing this.
I typically use 3 ways to improve security writing to files. 1) Move file out of webroot and into some folder with restricted access like cgi-bin. The path to the file and any passwords should also be saved outside of the webroot. 2) Then you include the sensitive data by including it on your page. So if PHP parser fails people only see a variable name and no details. 3) If your are doing a post or get to the file which is doing the writing you can also check the values carefully and stip out characters, script, etc. that could cause problems.
From a web-security point of view, I do not see any problems, as long as the path of the text file is hardcoded or secured in any other way. You haven't said anything though about what happens if the file is missing or read-only (yes, it can happen, for example if the file system is mounted read-only by the administrator).
That being said, this use case is also completely useless, as the text file serves only as a data sink. A data sink that is never read from is useless. The problems may arise when you want to read from the file.
This seems like a simple question...I am trying to allow users to 'load' a saved data file with a Load button, choose file, etc. Can I read the data file directly into a variable from their file or does it need to be uploaded to the server first then opened and read closed and then unlinked?
Thank you,
Todd
Because PHP is SERVERSIDE you can't do anything without uploading the file. Unless this file already is on the server, there is no way around this problem.
I prettier way of doing it could be to use a jQuery-plugin to upload the file (without the page getting refreshed) and then access the content using ajax
It needs to be uploaded for PHP to access it, unless the file's contents are sent via JavaScript to PHP. That relies on a cutting edge browser.
Yes, you have to upload the file first because you have no access to the user's filesystem through browser neither using PHP nor JavaScript.
Basically I have an XML file to populate data with and I will have a cron (in PHP) that updates it every 5 minutes. But at the same time, I will have users accessing this file all the time (and I'm talking about thousands of users).
When I tried a script myself by writing 2million text lines in a .txt file and reading it at the same time, of course the file_get_contents() was getting the current text in the .txt file and does not wait for it to end and get the contents when it's finished. So what I did is, I write to a temporary file and then rename it to the original .txt file. The renaming process on my PC takes up 0.003 seconds (calculated using microtime()).
Do you think this is a suitable solution or there will be users which will end up having an error that the file does not exists?
Of course this is not suitable.. You have to lock the file in this 0.003 microseconds.
A very simple way is a flag
For example create file called isReplacing
After replacing is done, delete file isReplacing
When a user wants the file say in getfile.php
while(file_exists("isReplacing"))
{}
//NOW echo file_get_contents()
//BETTER:
if(file_exists("isReplacing"))
{
//GET DATA FROM DATABASE
}
else
{
//ECHO THE FILE
}
NOTE this is a dumb way but I just want to demonstrate