我只是想在一个名为"config.php"的文件中替换一些东西!这是我想要编辑的文件的第一部分。我想使用一个表单来设置大写文本的值。我卡住了,我找遍了StackOverflow和google。我什么也没找到。
$dbhost = "DBHOST"; /* "localhost" */
$dbuname = "DBUSERNAME"; /* "database user name" */
$dbpass = "DBPASSWORD"; /* "database password" */
$dbname = "DBNAME"; /* "database name" */
另外,表单应该如何查找这个呢?
我有这个…
<form action="edit.php">
DB Server: <input type="text" name="host" placeholder="localhost"><br>
DB Username: <input type="text" name="dbuser" placeholder="admin"><br>
DB Password: <input type="password" name="dbpassword" placeholder="********"><br>
DB Name: <input type="text" name="db_name" placeholder="pnc"><br>
<button type="submit">Next Step</button>
</form>
假设你有这样一个文件:
/home/网站/example.com/conf.php
<?php
$dbhost = "DBHOST"; /* "localhost" */
$dbuname = "DBUSERNAME"; /* "database user name" */
$dbpass = "DBPASSWORD"; /* "database password" */
$dbname = "DBNAME";
要替换这些占位符值,您所需要的只是在变量中获取页面源并进行一些字符串替换,然后将其写回文件。
$confpath = '/home/websites/example.com/conf.php';
$confphp = file_get_contents($confphp);
// Note the POST values need to be CLEANED and validated first.
// This especially means whitelisting what characters are allowed
// in the POST-received variables, encoding and removing " and '.
// You have to be VERY careful to authentic the user, and verify
// that user has permissions to do what they're doing, with the
// databases/tables they're working with, unless this is part of
// an install script, which would need to be removed immediately
// upon finishing the install.
$confphp = str_replace(
array('DBHOST','DBUSERNAME','DBPASSWORD','DBNAME'),
array(
addslashes($post_cleaned_dbhost),
addslashes($post_cleaned_dbusername),
addslashes($post_cleaned_dbpassword),
addslashes($post_cleaned_db_name)
),
$confphp
);
file_put_contents($confpath, $confphp);
注意,要替换的值必须是文件文本内容的唯一值(例如,在同一文件中没有$DBUSERNAME),否则它也会替换这些值。如果文件没有写入,它返回false,所以您可以测试file_put_contents()的返回来验证它是否工作。
创建一个带有控制器的表单
HTML中的表单代码
<form name="dbSet" id="dbSet" action="form_set_db.php" method="POST" />
<label>Host</label> <input type="text" name="host" id="host" /><br />
<label>Username</label> <input type="text" name="username" id="username" /><br />
<label>Password</label> <input type="password" name="password" id="password" /><br />
<label>Database</label> <input type="database" name="database" id="database" />
</form>
form_set_db.php
require_once 'config.php';
if(isset($_POST["host"], $_POST["username"], $_POST["password"], $_POST["database"]))
{
$dbhost = $_POST["host"];
$dbuname = $_POST["username"];
$dbpass = $_POST["password"];
$dbname = $_POST["database"];
}
这将用您在表单中输入的值替换$dbhost $dbuname $dbpass $dbname的值。
编辑
注意,这只是暂时替换它。如果您想要永久存储配置文件(例如,如果您正在构建安装程序),我会动态创建config.php文件,而不是从头开始创建它。然后在form_set_db.php
if(isset($_POST["host"], $_POST["username"], $_POST["password"], $_POST["database"]))
{
$file = fopen("config.php", "w");
if(!is_resource($file)) { return false; }
fwrite($file, "$dbhost = '" . $_POST["host"] . "';'n");
fwrite($file, "$dbuname = '" . $_POST["username"] . "';'n");
fwrite($file, "$dbpass = '" . $_POST["password"] . "';'n");
fwrite($file, "$dbname = '" . $_POST["database"] . "';");
fclose($file);
}
您想创建一个接受用户输入并更改文件中的行的表单吗?我不建议直接从表单设置数据库连接。但如果有必要,请尝试使用常规格式存储数据,如JSON
$data = json_decode(file_get_contents($dataFileName));
file_put_contents(json_encode($data, $dataFileName));
参考查阅http://www.php.net//manual/en/book.json.php
如果您的文件是典型的数据格式,那么它将清楚地表明您的文件包含数据。你可以给这个数据库命名。Json for instance
创建名为database的文件。Json包含以下内容:
{
"username": "...",
"password": "...",
"database": "...",
"host": "..."
}
然后使用
读取这些数据$data = json_decode(file_get_contents('database.json'));
$data['username'] = $newValue;
$username = $data['username'];
一旦你设置了新的值
file_put_contents(json_encode('database.json', $data));
从用户提交的数据连接到数据库存在问题,例如切换到不同的数据库并在您的页面中显示可用于XSS的恶意数据http://en.wikipedia.org/wiki/Cross-site_scripting