Prevent form email injection...HOW?

Discussion in 'PHP' started by ian_ok, Aug 25, 2005.

  1. #1
    This is my sendmail code, how would I change this to prevent bots from injecting my code?
    $to = 'email@domain.com';
    $subject = $_POST['subject'];
    $message = $_POST['message'];
    $from = $_POST['from'];
    $from_check = $_POST['from_check'];
    $full_name = $_POST['full_name'];
    $tel = $_POST['tel'];

    // The posted address goes into the headers as submitted
    $headers = "From: ". $_POST['from'] ."\r\n";
    $headers .= "Reply-To: ". $_POST['from'] ."\r\n";

    $message = "\nInformation Request:   ".$message;
    $message .= "\nName:   ".$full_name;
    $message .= "\nTel Number:   ".$tel;
    $message .= "\nEmail address 2 (could be different):   ".$from_check;

    if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $from)) {
      echo "<h4>Sorry info here</h4>";
      echo "<h4><a href='javascript:history.back(1);'>Click here to return</a></h4>";
    }
    elseif ($from_check <> $from) {
      echo "<h4>Info here.</h4>";
      echo "<h4><a href='javascript:history.back(1);'>Click here to return</a></h4>";
    }
    // mail() takes the message before the additional headers
    elseif (mail($to, $subject, $message, $headers)) {
      echo "<h4>$full_name</h4>";
      echo "<h4>Your email has been sent, we will reply as soon as possible.</h4>";
    } else {
      echo "<h4>Cannot send email</h4>";
    }
    Thanks Ian
     
    ian_ok, Aug 25, 2005
  2. Gmorkster
    #2
    use strip_tags() on all POSTed information
     
    Gmorkster, Aug 27, 2005
    ian_ok likes this.
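
An added example, not code from either poster: one way to harden the handler in post #1 against header injection, by rejecting any CR, LF or NUL in values that reach the mail headers and validating the address with filter_var(). The helper names (field, header_safe, valid_email, send_request) and the noreply@example.com sender are assumptions.

```php
<?php
// Added example, not from the thread. Helper names and the
// noreply@example.com sender address are assumptions.

// Read one POST field as a string (arrays such as from[]=x become '').
function field(array $post, string $key): string
{
    $v = $post[$key] ?? '';
    return is_string($v) ? $v : '';
}

// Return the value if it may go into a mail header, else null.
function header_safe(string $value): ?string
{
    // CR, LF or NUL would let the value start a new header line.
    return preg_match('/[\r\n\0]/', $value) ? null : trim($value);
}

// Return a validated single address, or null.
function valid_email(string $value): ?string
{
    $value = header_safe($value);
    if ($value === null) {
        return null;
    }
    $ok = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

function send_request(array $post): bool
{
    $from    = valid_email(field($post, 'from'));
    $subject = header_safe(field($post, 'subject'));
    if ($from === null || $subject === null
        || $from !== trim(field($post, 'from_check'))) {
        return false; // reject outright instead of repairing the input
    }
    // Fixed From; the visitor's address appears only in Reply-To.
    $headers = "From: noreply@example.com\r\nReply-To: $from\r\n";
    // Body text is not a header, so line breaks are harmless there.
    $body = "Information Request: " . field($post, 'message')
          . "\nName: " . field($post, 'full_name')
          . "\nTel Number: " . field($post, 'tel');
    return mail('email@domain.com', $subject, $body, $headers);
}

// Constructed input: a "from" value that carries an extra header line.
$bad = "visitor@example.org\r\nBcc: someone@example.net";
var_dump(valid_email($bad), valid_email('visitor@example.org'));
```

strip_tags() removes HTML markup but leaves CR and LF in place, so header values need this separate line-break check whatever other filtering is applied.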