dms
Posted April 25, 2009

Code posted below:

Note:
magic_quotes_gpc Off Off
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off

1st: with Larry's code removed it works as planned. But with no email injection protection.

2nd: with Larry's first block of code... (Check for bad values:)
No matter what I type into the First Name field, the last else statement is processed.
For example:... Mark 'bbc:' returns: ...Hello Mark 'bbc:',

Question: With 'bbc:' entered in the First Name field, shouldn't the response be returned blank?

After I get this section of the code working, I'll continue with the rest.

Below is my code with Larry Ullman code included, with the variable ($value) changed to ($name-first).

<?php
/* data received from the form .......................................*/
$name_first = $_POST['firstname'];

/* Start of Larry Ullman's code - can be viewed at .... http://w w w.dmcinsights.com/phorum/read.php?6,28810 */
//Check for bad values:
function clear_user_input($name_first) {
    if (stristr($name_first, 'content-type')) return '';
    if (stristr($name_first, 'bcc:')) return '';
    if (stristr($name_first, 'to:')) return '';
    if (stristr($name_first, 'cc:')) return '';
    if (stristr($name_first, 'href')) return '';
}
/* .... this is the end of Larry Ullman's code....... */

// somewhat validating the form information...
if (empty($name_first)) {
    echo ' Please complete all required areas identified by....';
    echo ' ..... Green Text: * ';
    echo ' Use your back button to complete the form.';
} else {
    echo ' Hello ' . $name_first . ', '
       . 'Your email has been received and I will respond asap. '
       . 'If this is urgent in nature, please give me a call.';
}
?>

Edited April 25, 2009 by dms
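An added example, not part of the original post or of Larry Ullman's code: in the posted script `clear_user_input()` is defined but never called, and it has no final `return`, so clean input would come back as null. The version below returns the value and uses the result; the CR/LF check, the `htmlspecialchars()` call and the sample inputs are assumptions added here.

```php
<?php
// Same blocklist as the posted code, but clean input is returned unchanged
// and the caller actually uses the function's result.
function clear_user_input(string $value): string
{
    // Header-injection markers taken from the posted code.
    $bad = ['content-type', 'bcc:', 'to:', 'cc:', 'href'];
    foreach ($bad as $needle) {
        if (stristr($value, $needle) !== false) {
            return '';
        }
    }
    // Assumption beyond the post: a CR or LF is what lets a form field
    // start a new mail header, so reject those characters too.
    if (preg_match('/[\r\n]/', $value)) {
        return '';
    }
    return trim($value); // the posted version has no return here
}

// Constructed sample inputs standing in for $_POST['firstname'].
$samples = [
    "Mark",
    "Mark 'bcc:'",           // matches the 'bcc:' entry
    "Mark 'bbc:'",           // 'bbc:' is not in the list, so it passes
    "Mark\r\nSubject: hi",   // caught by the CR/LF check
];

foreach ($samples as $raw) {
    $name_first = clear_user_input($raw); // call the filter, keep its result
    if ($name_first === '') {
        echo 'rejected: ' . json_encode($raw) . "\n";
    } else {
        // Escape before echoing user input back into a page.
        echo 'Hello ' . htmlspecialchars($name_first, ENT_QUOTES, 'UTF-8') . ",\n";
    }
}
```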