I am writing an application in PHP where the user submits a form of data and a file name is chosen based off of the data, like so:
$filename = "./savelocation/".$name."_".$identification."_".$date.'.txt';
I am trying to use the file_exists()
function to check to see if a file with the same name exists. If it does, the final name is changed to prevent overwriting the submitted form data. Here is my implementation:
$file = "./savelocation/".$name."_".$identification."_".$date.'.txt';
$file = preg_replace('/\s+/', '', $file);
$filepath = "./savelocation/".$name."_".$identification."_".$date.'.txt';
if(file_exists($filepath))
{
$file = "./savelocation/"."INVALIDFILE".'.txt';
}
This prevents people from overwriting applications by changing the name to a single file which acts as the 'default file' in which it doesn't matter if it is overwritten. However, I know this is wrong. My logic was that the if statement would return true, which would execute the code inside of the statement changing the file name to the 'default file'. Is this even a good way to prevent duplicate submissions?