PHP File Handling Basics and Basic Security
Basics of PHP with Security Considerations - Part 15
Foreword: In this part of the series, you learn the basics of accessing files in PHP.
By: Chrysanthus Date Published: 31 Aug 2018
Introduction
Resource
In order for you to use a file in the hard disk or some other drive, you have to do what is called opening the file. For this, the content of the file is copied into memory. This area in memory that has the content of the file is called a stream (precisely a buffer). Whatever you want to do to the file (modifying the file, adding text to the end of the file, or just reading the file) you do to the stream. After that you have to do what is called closing the file. When a file is closed, the content of the stream is copied to the file in the disk, if necessary. Any modification of stream content or adding of text to the end of the stream is reflected in the file in the disk after closing.
A file may not exist in the disk. This means you have to create it. For this purpose, you still have to use the opening process (see below). A stream is created for the newly opened file, which does not yet exist in the disk. You send information to the stream. When you close the file, effectively closing the stream, the content of the stream is copied to the disk. Closing a file means putting an end to the association between the stream and the corresponding file in the disk, after the content of the stream has just been copied to the file, which might or might not have existed, in the disk.
Note: the content of the stream is the file content copied from disk, if the file existed in the disk before it was opened. While you are editing a file, the content may also be saved.
In order to open, edit and close a file, you need what is known as a resource. A resource is a special kind of reference-holding variable. There are different kinds of resources - see later.
The simplified syntax to open a file is,
resource fopen($filename, $mode)
The function returns a file pointer resource on success, or FALSE on error. The first argument in the parentheses is the file name in quotes. I will explain the role of the mode (second) argument as we go along.
The simplified syntax to close a file is,
bool fclose($handle)
where $handle is the returned resource above. Any file opened has to be closed, after editing.
The function returns TRUE on success or FALSE on failure.
Text files are created in lines of text. The following simplified syntax reads a line of text from a file:
string fgets($handle)
This function returns the line of text including the newline character (\n). It returns FALSE if there are no more lines to read. It also returns FALSE if an error occurs. Note that the content of a line may be NULL or 0. So to test for FALSE, use === or !== .
The following simplified syntax writes a line of text to a file:
int fwrite ($handle, $string)
where $handle is the same resource from fopen(), and $string, in double quotes, ends with a newline character (\n). The function returns the number of bytes written, or FALSE on error. Note that the integer returned may be zero. So to test for FALSE, use === or !== .
Modes
The following are the possible values for the $mode variable above:
'r': Open for reading only; place the file pointer at the beginning of the file.
'r+': Open for reading and writing; place the file pointer at the beginning of the file.
'w': Open for writing only; place the file pointer at the beginning of the file and truncate the file to zero length. If the file does not exist, attempt to create it.
'w+': Open for reading and writing; place the file pointer at the beginning of the file and truncate the file to zero length. If the file does not exist, attempt to create it.
'a': Open for writing only; place the file pointer at the end of the file. If the file does not exist, attempt to create it.
'a+': Open for reading and writing; place the file pointer at the end of the file. If the file does not exist, attempt to create it.
'x': Create and open for writing only; place the file pointer at the beginning of the file. If the file already exists, the fopen() call will fail by returning FALSE and generating an error of level E_WARNING. If the file does not exist, attempt to create it. This is equivalent to specifying O_EXCL|O_CREAT flags for the underlying open(2) system call.
'x+': Create and open for reading and writing; otherwise it has the same behavior as 'x'.
'c': Open the file for writing only. If the file does not exist, it is created. If it exists, it is neither truncated (as opposed to 'w'), nor does the call to this function fail (as is the case with 'x'). The file pointer is positioned at the beginning of the file. This may be useful if it's desired to get an advisory lock (see flock()) before attempting to modify the file, as using 'w' could truncate the file before the lock was obtained (if truncation is desired, ftruncate() can be used after the lock is requested).
'c+': Open the file for reading and writing; otherwise it has the same behavior as 'c'.
The following code creates a new file and writes lines of text to it.
<?php
// 'w' creates the file, or truncates it to zero length if it already exists.
if (!$handle = fopen('temp1.txt', 'w'))
{
    echo "Cannot open file 'temp1.txt'";
}
else
{
    $ok = true;
    if (fwrite($handle, "The first line.\r\n") === false)
    {
        echo "Cannot write 'The first line.' to temp1.txt";
        $ok = false;
    }
    if (fwrite($handle, "The second line.\r\n") === false)
    {
        echo "Cannot write 'The second line.' to temp1.txt";
        $ok = false;
    }
    if (fwrite($handle, "The third line.\r\n") === false)
    {
        echo "Cannot write 'The third line.' to temp1.txt";
        $ok = false;
    }
    // Report success only if every write succeeded.
    if ($ok)
    {
        echo 'Data written';
    }
    fclose($handle);
}
?>
The file content is:
The first line.
The second line.
The third line.
The expression,
$handle = fopen('temp1.txt', 'w')
results in $handle, which is either the resource or false. If it is false, then !$handle is true. Note the mode that has been used in the above code.
Reading a File
The following code opens and reads the lines of text from a file:
<?php
if (!$handle = fopen('temp1.txt', 'r'))
{
    echo "Cannot open file 'temp1.txt'";
}
else
{
    // Strict comparison: only a real FALSE (end-of-file or error) ends the loop.
    while (($buffer = fgets($handle)) !== false)
    {
        echo $buffer, "<br>";
    }
    fclose($handle);
}
?>
The output is:
The first line.
The second line.
The third line.
Note the mode that has been used in the above code. The expression,
$buffer = fgets($handle)
results in $buffer, which either has the line of text or "false". It is compared to false with the Not Identical operator. The while-loop reads lines of text until the end-of-file. After the reading of each line, the file pointer points to the next line.
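The reason for the Not Identical operator, shown as an added example that is not part of the original article: a final line containing only "0" with no trailing newline is a falsy string, so a loose test ends the loop one line early. The function names and the temporary file are hypothetical, and the sample data is constructed.

```php
<?php
// Constructed sample: three lines; the last is "0" with no trailing newline.
$path = tempnam(sys_get_temp_dir(), 'fgets_demo_');
file_put_contents($path, "10\r\n20\r\n0");

// Loose test: the string "0" converts to false, so the last line is lost.
function readLinesLoose(string $path): array
{
    $lines = [];
    $handle = fopen($path, 'r');
    if ($handle === false) {
        return $lines;
    }
    while ($line = fgets($handle)) {
        $lines[] = rtrim($line, "\r\n");
    }
    fclose($handle);
    return $lines;
}

// Strict test: only a real FALSE (end-of-file or error) stops the loop.
function readLinesStrict(string $path): array
{
    $lines = [];
    $handle = fopen($path, 'r');
    if ($handle === false) {
        return $lines;
    }
    while (($line = fgets($handle)) !== false) {
        $lines[] = rtrim($line, "\r\n");
    }
    fclose($handle);
    return $lines;
}

echo 'loose:  ', count(readLinesLoose($path)), " lines\n";
echo 'strict: ', count(readLinesStrict($path)), " lines\n";
unlink($path);
```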
Appending to a File
"Append" means add lines to the bottom. The following code appends a fourth line to the file, temp1.txt :
<?php
// 'a' places the file pointer at the end of the file; existing content is kept.
if (!$handle = fopen('temp1.txt', 'a'))
{
    echo "Cannot open file 'temp1.txt'";
}
else
{
    if (fwrite($handle, "The fourth line.\r\n") === false)
    {
        echo "Cannot write 'The fourth line.' to temp1.txt";
    }
    else
    {
        echo 'Data written';
    }
    fclose($handle);
}
?>
Note the mode that has been used in the above code. The file content becomes,
The first line.
The second line.
The third line.
The fourth line.
To edit a file, open the file in the 'r+' mode. Change the line, while it is read. The following code illustrates this, changing the second line:
<?php
if (!$handle = fopen('temp1.txt', 'r+'))
{
    echo "Cannot open file 'temp1.txt'";
}
else
{
    while (($buffer = fgets($handle)) !== false)
    {
        if ($buffer === "The second line.\r\n")
        {
            // Move the file pointer back to the start of the line just read.
            $stringlength = strlen($buffer);
            fseek($handle, -$stringlength, SEEK_CUR);
            // Overwrite in place; the replacement is shorter than the original line.
            $buffer = "The B line.\r\n";
            fwrite($handle, $buffer);
            echo $buffer, "<br>";
        }
        else
        {
            echo $buffer, "<br>";
        }
    }
    fclose($handle);
}
?>
Whenever a line is read, the file pointer is made to point to the next line. The following code segment takes back the file pointer to the beginning of the line read:
$stringlength = strlen($buffer);
fseek($handle, -$stringlength, SEEK_CUR);
The new file content is:
The first line.
The B line.
ne.
The third line.
The fourth line.
This means that the last characters, 'ne.\r\n', of the second line were not removed. I will explain how to solve this problem in a later series.
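One way to avoid the leftover bytes, combining it with the 'c' mode and flock() pattern from the Modes list; this is an added example, not the author's later solution. It opens with 'c+', takes an exclusive advisory lock, and only then truncates and rewrites the whole file. The function name replaceLine and the temporary file are hypothetical, and the sample content is constructed.

```php
<?php
/**
 * Replace every line identical to $old with $new, rewriting the file under
 * an exclusive advisory lock. Returns the number of lines replaced, or
 * false on any I/O failure.
 */
function replaceLine(string $path, string $old, string $new)
{
    // 'c+' neither truncates nor fails when the file exists, so the
    // content stays intact until the lock is actually held.
    $handle = fopen($path, 'c+');
    if ($handle === false) {
        return false;
    }
    if (!flock($handle, LOCK_EX)) {
        fclose($handle);
        return false;
    }
    $count = 0;
    $output = '';
    while (($line = fgets($handle)) !== false) {
        if ($line === $old) {
            $line = $new;
            $count++;
        }
        $output .= $line;
    }
    // Discard the old bytes, then write the new content from offset 0,
    // so a shorter replacement leaves no residue behind.
    $ok = ftruncate($handle, 0)
        && rewind($handle)
        && fwrite($handle, $output) === strlen($output)
        && fflush($handle);
    flock($handle, LOCK_UN);
    fclose($handle);
    return $ok ? $count : false;
}

// Constructed sample, mirroring the article's temp1.txt content.
$path = tempnam(sys_get_temp_dir(), 'edit_demo_');
file_put_contents($path, "The first line.\r\nThe second line.\r\nThe third line.\r\n");
var_dump(replaceLine($path, "The second line.\r\n", "The B line.\r\n"));
echo file_get_contents($path);
unlink($path);
```

flock() is advisory, so it only protects against other code that also takes the lock. A crash between ftruncate() and fwrite() would leave the file empty; writing to a temporary file and calling rename() avoids that.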
Shortcuts
Consider the function:
int file_put_contents($filename, $string)
This function is identical to calling fopen(), fwrite() and fclose() successively to write data to a file. If filename does not exist, the file is created. Otherwise, the existing file is overwritten.
The function returns the number of bytes (characters) that were written to the file, or FALSE on failure. The function may also return a non-Boolean value which evaluates to FALSE, such as 0 or "". Use === or !== for testing the return value of this function.
The following code illustrates its use:
<?php
$str = "The first line.\r\nThe second line.\r\nThe third line.\r\n";
if (file_put_contents('temp1.txt', $str) !== false)
{
    echo 'file created and written to, successfully';
}
?>
Consider the function:
string file_get_contents($filename)
This function is identical to calling fopen(), fgets() and fclose() successively to read all file data into a string.
The function returns the read data or FALSE on failure (the returned string may be "").
The following code illustrates its use:
<?php
if (($str = file_get_contents('temp1.txt')) !== false)
{
    echo $str;
}
?>
That is it for this part of the series.
Chrys