
Code posted below:

 

Note:

magic_quotes_gpc Off Off

magic_quotes_runtime Off Off

magic_quotes_sybase Off Off

 

1st: with Larry's code removed it works as planned. But with no email injection protection.

 

2nd: with Larry's first block of code... (Check for bad values:) No matter what I type into the First Name field, the last else statement is processed.

For example:... Mark 'bbc:'

returns: ...Hello Mark 'bbc:',

 

Question: With 'bbc:' entered in the First Name field, shouldn't the response be returned blank?

 

After I get this section of the code working, I'll continue with the rest. Below is my code with Larry Ullman code included, with the variable ($value) changed to ($name-first).

 

<?php

/*
data received from the form .......................................*/
$name_first = $_POST['firstname'];

/*
Start of Larry Ullman's code - can be viewed at .... http://w w w.dmcinsights.com/phorum/read.php?6,28810 */
//Check for bad values:
function clear_user_input($name_first) {
    if (stristr($name_first, 'content-type')) return '';
    if (stristr($name_first, 'bcc:')) return '';
    if (stristr($name_first, 'to:')) return '';
    if (stristr($name_first, 'cc:')) return '';
    if (stristr($name_first, 'href')) return '';
}

/* .... this is the end of Larry Ullman's code....... */

// somewhat validating the form information...
if (empty($name_first)){
    echo '
Please complete all required areas identified by....
';
    echo '
..... Green Text: *
';
    echo '
Use your back button to complete the form.
';
}else {
    echo '
Hello ' . $name_first .',

' .
    'Your email has been received and I will respond asap.
' .
    'If this is urgent in nature, please give me a call.
';
}

?>

Edited by dms
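
An added example, not part of the original post and not Larry Ullman's code: a filter like the one above only affects the output if it is called and its return value replaces the raw input, and it has to return the value when nothing matches. The function name `clean_header_field`, the CR/LF check, the HTML escaping and the sample inputs are assumptions made for this illustration.

```php
<?php
// Added example. clean_header_field() and $samples are hypothetical names;
// the sample inputs are constructed and stand in for $_POST['firstname'].

/**
 * Return the trimmed value if it is safe to use in a mail header or greeting,
 * or '' if it looks like an email header injection attempt.
 */
function clean_header_field($value)
{
    // A CR or LF is what lets form input start a new header line, so reject it.
    if (preg_match('/[\r\n]/', $value)) {
        return '';
    }
    // The same substrings the posted filter looks for (case-insensitive).
    foreach (array('content-type', 'bcc:', 'to:', 'cc:', 'href') as $needle) {
        if (stripos($value, $needle) !== false) {
            return '';
        }
    }
    // A clean value is returned explicitly; without this line the function
    // would return NULL for every valid name.
    return trim($value);
}

$samples = array(
    "Mark",
    "Mark 'bbc:'",   // the string typed in the post: matches none of the patterns
    "Mark 'bcc:'",   // matches the 'bcc:' pattern
    "Mark\r\nBcc: someone@example.com",
);

foreach ($samples as $raw) {
    // Defining the function changes nothing by itself: the cleaned return
    // value must replace the raw input before it is tested or echoed.
    $name_first = clean_header_field($raw);

    if ($name_first === '') {
        echo "Input rejected.\n";
    } else {
        // Escape for HTML before echoing the name back into the page.
        echo 'Hello ' . htmlspecialchars($name_first, ENT_QUOTES, 'UTF-8') . ",\n";
    }
}
```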
