I wrote the following code, and I am wondering if there is a better way to do what I want.
Basically, the code reads a few files and writes HTML forms to edit each of them. I am sending the file name via POST data, but it seems like a security risk to do that.
Is there a better or proper way to do what I'm doing?
Code:
<?php
foreach (glob('*.html', GLOB_NOSORT) as $file) {
echo '<form action="write.php">';
echo '<textarea name="' . basename($file, '.html') . '" cols="80" rows="20">' . file_get_contents($file) . '</textarea>';
echo '<input type="hidden" name="file" value="' . $file . '"><br><br>';
echo '<input type="submit" value="Save Edit"><br><br>';
}
?>