How to use file_put_contents function in PHP-PHP Tutorial-php.cn

This time I will show you how to use thefile_put_contentsfunction in PHP. What are theprecautionswhen using the file_put_contents function in PHP? Here are practical cases, let’s take a look.

Recently, I encountered a question onFile Uploadon EIS. I found that filtering < basically made many gestures invalid. I thought about it for a long time but didn’t solve this question. After the game, I found out that I was using arrays to solve the problem. However, the principle is analyzed here. Not much to say, let’s take a look at the detailed introduction.

Let’s take a look at the official website definition of the second parameter data of the file_put_contents function:

data 要写入的数据。类型可以是 string，array 或者是 stream 资源（如上面所说的那样）。 如果 data 指定为 stream 资源，这里 stream 中所保存的缓存数据将被写入到指定文件中，这种用法就相似于使用 stream_copy_to_stream() 函数。 参数 data 可以是数组（但不能为多维数组），这就相当于 file_put_contents($filename, join('', $array))。

Copy after login

As you can see, the data parameter can be an array, which will be automaticallyjoin('',$array)converted into astring

When this function accesses files, it follows the following rules:

If FILE_USE_INCLUDE_PATH is set, then the built-in path for a copy of *filename* will be checked
If the file does not exist, a file will be created
Open the file
If LOCK_EX is set, the file will be locked
If FILE_APPEND is set, it will be moved to the end of the file. Otherwise, the contents of the file will be cleared
Write data to the file
Close the file and unlock all files
If successful, this function returns the number of characters written to the file. On failure, False is returned.

But our string filtering function generally uses the preg_match function to filter, such as:

if(preg_match('/\
        
         Copy after login

We know that many functions that process strings will return NULL if an array is passed in, such as strcmp, strlen, md5, etc. But the preg_match function returns false if an error occurs. Here we can passvar_dump(preg_match('/To verify, in this case, the regular filtering of preg_match will be invalid


       Therefore, I guess the file upload code is written like this
       
        
  So we can pass in content[]=&ext=php  to bypass 
  Repair method
  The fix is to use the fwrite function to replace the dangerous file_put_contents function. The fwrite function can only pass in strings. If it is an array, it will error and return false
 
        
         Copy after login
        
       
       I believe you have mastered the method after reading the case in this article. More exciting Please pay attention to other related articles on php Chinese website!
       Recommended reading:
       

       

       
       The above is the detailed content of How to use file_put_contents function in PHP. For more information, please follow other related articles on the PHP Chinese website!