You mean you're doing something like this?
$filename = '/results/' . $_POST['username'] . '/' . $_POST['pollname'] . '/time.txt';
if (isset($_POST["submitwrite"])) {
    $handle = fopen($filename, "w+");
    // etc...
}
Or am I not understanding you?
Edit
To address the issue BalusC pointed out, this is a more complete solution.
It makes sure the $_POST['username'] and $_POST['pollname'] values are valid, so they won't create an invalid or possibly harmful $filename.
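<?php
$basedir = '/results';
$basename = 'time.txt';

// Get user and poll names (a missing field becomes '' and fails validation)
$username = isset($_POST['username']) ? $_POST['username'] : '';
$pollname = isset($_POST['pollname']) ? $_POST['pollname'] : '';

// Counteract the old magic_quotes feature, if needed.
// get_magic_quotes_gpc() was removed in PHP 8, so check that it exists first.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $username = stripslashes($username);
    $pollname = stripslashes($pollname);
}

// Validate user and poll names.
// The D modifier stops $ from matching before a trailing newline.
$regexp = '/^[\w\d\_\-\. \']+$/iuD';
if (!is_string($username) || !is_string($pollname)
    || !preg_match($regexp, $username) || !preg_match($regexp, $pollname)
    // The pattern allows dots, so reject names made only of dots ('.', '..').
    || trim($username, '.') === '' || trim($pollname, '.') === '') {
    echo 'Username or pollname is invalid. Aborting!';
}
else {
    // Compile the complete file name
    $filename = $basedir . '/' . $username . '/' . $pollname . '/' . $basename;

    // Write to the file, using the validated names rather than the raw POST values
    if (isset($_POST["submitwrite"])) {
        $handle = fopen($filename, "w+");
        if ($handle) {
            fwrite($handle, "Dan"."¬".$username."¬".$pollname."¬".$_POST["ans1"]."¬".$_POST["ans2"]."¬".$_POST["ans3"]."¬".time());
            fclose($handle);
        }
    }
}
?>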
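The character class used above allows dots, so a path component needs a second check beyond the pattern. The following is an added example, not part of the original answer: it validates each component and then confirms with realpath() that the resolved directory is still inside the base directory. The function names, the temporary base directory, the mkdir() step and the sample inputs are assumptions made for the demonstration.

```php
<?php
// Added example: component validation plus a containment check.
// is_safe_component(), safe_poll_path() and the samples are hypothetical.

function is_safe_component(string $name): bool
{
    // Same allowlist idea as the answer; \z (not $) so a trailing newline fails.
    if (!preg_match('/^[\w\-. \']+\z/u', $name)) {
        return false;
    }
    // Names made only of dots ('.', '..') pass the allowlist but change directory.
    return trim($name, '.') !== '';
}

function safe_poll_path(string $basedir, string $username, string $pollname): ?string
{
    if (!is_safe_component($username) || !is_safe_component($pollname)) {
        return null;
    }
    $base = realpath($basedir);
    if ($base === false) {
        return null;
    }
    $dir = $base . DIRECTORY_SEPARATOR . $username . DIRECTORY_SEPARATOR . $pollname;
    // Assumption for the demo: the per-poll directory is created on first use.
    if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
        return null;
    }
    // Resolve symlinks and confirm the directory is still under the base.
    $resolved = realpath($dir);
    if ($resolved === false || strpos($resolved, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $resolved . DIRECTORY_SEPARATOR . 'time.txt';
}

// Constructed inputs: the first is accepted, the rest are rejected.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'results_demo';
if (!is_dir($base)) {
    mkdir($base, 0750, true);
}
$samples = [['alice', 'lunch poll'], ['..', 'x'], ['alice', '../../etc'], ["bob\n", 'poll'], ['', 'poll']];
foreach ($samples as [$user, $poll]) {
    $path = safe_poll_path($base, $user, $poll);
    printf("%-12s %-14s => %s\n", json_encode($user), json_encode($poll), $path ?? 'REJECTED');
}
```

The realpath() comparison is a second layer: it also catches a symlink placed inside the base directory that points elsewhere, which no pattern on the name can detect.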