improvements
Hi all,
Improvements on my earlier code submissions are on the way. For the "your opinion" form, I am working on an alternative to the database which is writing into a CSV file.
enigma1, could you tell me about any possible security issues with the following code?
<?php
/* Prevent duplicate submissions */
if (isset($_COOKIE['FormSubmitted']))
{
    die(header("Location: index.php"));
}
$ip = $_SERVER['REMOTE_ADDR'];
$agent = $_SERVER['HTTP_USER_AGENT'];
$navigation = $_POST['navigation'];
$colours = $_POST['colours'];
$products = $_POST['products'];
$comments = stripslashes($_POST['comments']);
$comments = htmlspecialchars($comments);
$timeStamp = date("y.m.d");
$csv_file = 'survey_results.csv';
if (is_writable($csv_file)) {
    if (!$csv_handle = fopen($csv_file, 'a')) {
        // this line is for troubleshooting
        // echo "<p>Cannot open file $csv_file</p>";
        exit;
    }
}
$csv_item = "\"$ip\",\"$agent\",\"$navigation\",\"$colours\",\"$products\",\"$comments\",\"$timeStamp\"\n";
if (is_writable($csv_file)) {
    if (fwrite($csv_handle, $csv_item) === FALSE) {
        // this line is for troubleshooting
        // echo "Cannot write to file";
        exit;
    }
}
// only close the handle if the file was actually opened above
if (isset($csv_handle)) {
    fclose($csv_handle);
}
/* Set a cookie to prevent duplicate submissions */
setcookie('FormSubmitted', '1');
// this line : uncomment if not troubleshooting
header("Location: index.php?main_page=contact_us&action=success");
?>
Permissions on the csv file are set to allow Group to write, but not World.
Thanks for advice,
Denis
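The script above builds each CSV line by interpolating the posted values straight into a quoted string, so a comma, quote or newline in a field lands in the file as-is, and the select-style answers are written without checking them against the form's options. The following is an added example, not Denis's code or the forum's, showing one defensive way to write the same row: fputcsv() handles quoting, the fixed-choice fields are checked against an allow-list, free text is trimmed of control characters and capped in length, and the file is locked while appending. The field names (navigation, colours, products, comments) come from the post; the allowed option values and the file name handling are assumptions made for the example.

```php
<?php
// Added example (not the poster's code): a hardened variant of the CSV writer.
// Assumptions: the form fields are named navigation, colours, products and
// comments as in the original; the allowed option values below are made up.

declare(strict_types=1);

const CSV_FILE = 'survey_results.csv';

// Only accept a known set of answers for the select-style fields instead of
// writing whatever the client posted.
const ALLOWED = [
    'navigation' => ['easy', 'average', 'hard'],     // assumed option values
    'colours'    => ['like', 'neutral', 'dislike'],  // assumed option values
    'products'   => ['yes', 'no'],                   // assumed option values
];

/**
 * Return the posted value if it is in the allow-list for $field, otherwise null.
 */
function pickAllowed(array $post, string $field): ?string
{
    $value = $post[$field] ?? null;
    return (is_string($value) && in_array($value, ALLOWED[$field], true)) ? $value : null;
}

/**
 * Neutralise a free-text cell: drop control characters, cap the length, and
 * prefix a leading character that spreadsheet software treats as a formula.
 */
function sanitiseCell(string $value, int $maxLen = 1000): string
{
    $value = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $value) ?? '';
    $value = substr($value, 0, $maxLen);
    if ($value !== '' && strpbrk($value[0], "=+-@\t\r") !== false) {
        $value = "'" . $value;
    }
    return $value;
}

/**
 * Append one survey row. fputcsv() does the quoting, so a comma, quote or
 * newline in a comment cannot break the row or add columns; flock()
 * serialises concurrent submissions so two rows do not interleave.
 */
function appendSurveyRow(string $file, array $row): bool
{
    $fh = fopen($file, 'a');
    if ($fh === false) {
        return false;
    }
    $ok = false;
    if (flock($fh, LOCK_EX)) {
        $ok = fputcsv($fh, $row) !== false;
        fflush($fh);
        flock($fh, LOCK_UN);
    }
    fclose($fh);
    return $ok;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(405);
    exit;
}

// The cookie check from the original is kept, but it only deters casual
// repeats: a client that does not send the cookie back passes it.
if (isset($_COOKIE['FormSubmitted'])) {
    header('Location: index.php');
    exit;
}

$row = [
    $_SERVER['REMOTE_ADDR'] ?? '',
    sanitiseCell((string) ($_SERVER['HTTP_USER_AGENT'] ?? ''), 255),
    pickAllowed($_POST, 'navigation') ?? 'invalid',
    pickAllowed($_POST, 'colours') ?? 'invalid',
    pickAllowed($_POST, 'products') ?? 'invalid',
    sanitiseCell((string) ($_POST['comments'] ?? '')),
    date('Y-m-d H:i:s'),
];

if (!appendSurveyRow(CSV_FILE, $row)) {
    // log server-side; the client gets a generic error, not the file name
    error_log('survey: could not write ' . CSV_FILE);
    http_response_code(500);
    exit;
}

setcookie('FormSubmitted', '1', ['httponly' => true, 'samesite' => 'Lax']);
header('Location: index.php?main_page=contact_us&action=success');
exit;
```

Two design choices differ from the original: the comment is stored as plain text and should be escaped with htmlspecialchars() at the point where it is displayed, rather than before writing, so the CSV stays usable in other tools; and the "cannot open" and "cannot write" cases go to error_log() instead of echoing the path, since the file name is of no use to the visitor. The file permissions Denis describes (group writable, not world writable) still apply; the example does not change them.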