Page 371 - Beginning PHP 5.3

Chapter 11: Working with Files and Directories
      displayFileList( "Invalid filename - please try again" );
      return;
    }

Notice that the function uses a regular expression to strip all characters from the filename except letters, digits, underscores, hyphens, and spaces. For security reasons it's always good to restrict user input to a set of known safe characters (without being too restrictive). You can find out more on regular expressions in Chapter 18, and user input filtering and validation in Chapter 20.

Next the function appends a .txt extension to the end of the filename and sets the $filepath variable to store the full path to the file:

    $filename .= ".txt";
    $filepath = PATH_TO_FILES . "/$filename";

The file path is then checked to make sure the file doesn't already exist; if it does, the user is warned and the file isn't created:

    if ( file_exists( $filepath ) ) {
      displayFileList( "The file $filename already exists!" );

If the file doesn't exist, it is created by calling file_put_contents() with an empty string for the file contents. (file_put_contents() automatically creates a file if it doesn't already exist.) If file_put_contents() returns exactly false (tested with the === operator), the file can't be created and the script exits with an error:

    } else {
      if ( file_put_contents( $filepath, "" ) === false ) die( "Couldn't create file" );

Once the file has been created, its permissions are set so that anyone can read and write to the file. Finally, displayEditForm() is called, passing in the name of the newly created file so the user can begin editing it:

      chmod( $filepath, 0666 );
      displayEditForm( "$filename" );
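
The filename handling walked through above, as an added example rather than the book's own code: it applies the same character whitelist, then creates the file with fopen() in 'x' mode so the existence check and the creation are a single atomic step, and sets 0644 instead of 0666. The function names, the regular expression, and the sample inputs are assumptions made for this example, and it needs PHP 7.1 or later.

```php
<?php
// Added example, not the book's code. sanitizeFilename(), createTextFile()
// and the regular expression below are assumptions for illustration.

function sanitizeFilename(string $raw): string {
    // Whitelist described in the text: letters, digits, underscores,
    // hyphens, and spaces. Dots and slashes are dropped with everything else.
    return preg_replace('/[^A-Za-z0-9_\- ]/', '', $raw) ?? '';
}

function createTextFile(string $dir, string $raw): array {
    $name = sanitizeFilename($raw);
    if (trim($name) === '') {
        return [false, 'Invalid filename - please try again'];
    }
    $path = $dir . '/' . $name . '.txt';

    // Mode 'x' creates the file and fails if it already exists, so no other
    // request can create it between a file_exists() check and the write.
    $fh = @fopen($path, 'x');
    if ($fh === false) {
        return file_exists($path)
            ? [false, "The file $name.txt already exists!"]
            : [false, "Couldn't create file"];
    }
    fclose($fh);

    // 0644: owner read/write, everyone else read-only. Tighter than the 0666
    // used in the chapter; widen only if other accounts need write access.
    chmod($path, 0644);
    return [true, $name . '.txt'];
}

// Constructed inputs, run against a throwaway directory.
$dir = sys_get_temp_dir() . '/notes_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$inputs = ['shopping list', '../../etc/passwd', 'shopping list', '../..', 'a/b\\c.php'];
foreach ($inputs as $input) {
    [$ok, $msg] = createTextFile($dir, $input);
    printf("%-20s => %s: %s\n", var_export($input, true), $ok ? 'created' : 'refused', $msg);
}
array_map('unlink', glob("$dir/*.txt"));
rmdir($dir);
```

The second input ends up as etcpasswd.txt inside the target directory, the repeated name is refused as already existing, and '../..' is refused because nothing survives the whitelist.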

The displayPageHeader() Function

The displayPageHeader() utility function simply outputs the XHTML page header common to all pages in the application. This saves having to include the markup more than once in the script. As well as including the standard common.css style sheet from Chapter 2, the header defines some extra CSS rules to style any error messages and the file list table:

    <link rel="stylesheet" type="text/css" href="common.css" />
    <style type="text/css">
      .error { background: #d33; color: white; padding: 0.2em; }







