What are the potential pitfalls of writing form data to a file instead of a database in PHP?

Writing form data directly to a file in PHP can lead to security vulnerabilities such as allowing malicious users to inject code into the file or access sensitive information. To mitigate these risks, it is recommended to use a database to store form data securely. 

// Connect to a MySQL database
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
  die("Connection failed: " . $conn->connect_error);
}

// Process form data and insert into database
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];

$sql = "INSERT INTO form_data (name, email, message) VALUES ('$name', '$email', '$message')";

if ($conn->query($sql) === TRUE) {
  echo "New record created successfully";
} else {
  echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();

Keywords

file handling security risks data integrity scalability SQL injection

Related Questions