Sign in
Log inSign up

Should you escape user input for .txt files?

Lila Fowler's photo
Lila Fowler
·Apr 20, 2019

Just wondering if .txt files could 'become harmful' if I didn't escape user input.

My website has a 'logger' that is updated each time a user posts a message and I was thinking that I could just do something like this without sanitizing or escaping the input. What do you think?

if (/*user posts something*/) {
    file_put_contents('logger.txt', $_POST['message'], FILE_APPEND);
}