Wickham Posted January 24, 2010 Report Share Posted January 24, 2010 I had this code in a web form, taken originally from Eric ewwatson on the old forum // Security code to prevent addition of new lines entered into the $name and $email fields by spambots elseif ( eregi( "[\r\n]", $name ) || eregi( "[\r\n]", $email ) ) { header( "Location: $errorurl" ); exit ; } which I understand is deprecated and will be removed from PHP 6.0 so I changed it to // Security code to prevent addition of new lines entered into the $name and $email fields by spambots elseif ( preg_match( "[\r\n]", $name ) || preg_match( "[\r\n]", $email ) ) { header( "Location: $errorurl" ); exit ; } I assume that preg_match can be a straight substitution. The form does work and doesn't raise any PHP errors, but my main question is how do I test like a spambot? What do I enter into a form input box to get the error and rejection? Quote Link to comment Share on other sites More sharing options...
falkencreative Posted January 24, 2010 Report Share Posted January 24, 2010 If I remember correctly, "\r\n" is a line break. I'd have to play with the form myself to be sure, but you could probably test it by trying to type multiple lines into the text box, or something like "texthere \r\n texthere". Quote Link to comment Share on other sites More sharing options...
Wickham Posted January 24, 2010 Author Report Share Posted January 24, 2010 (edited) Yesterday I tried Wickham Wickham in the Name input box but the was just ignored. Today I tried Wickham \r\n Wickham in the Name input box and it went through without an error showing the same text all on one line. I didn't think it would work as the input box is text and \r\n is just text, there's no php to process there. So I'm still not sure whether the code will stop a spambot or how to test like one. php.net says:- int preg_match ( string $pattern , string $subject [, array &$matches [, int $flags [, int $offset ]]] ) so is the format correct in my code? (Leaving out the square brackets // Security code to prevent addition of new lines entered into the $name and $email fields by spambots elseif ( preg_match( "\r\n", $name ) || preg_match( "\r\n", $email ) ) { header( "Location: $errorurl" ); exit ; } raises a php formatting error). I don't understand the terminology in php.net. What if a spambot uses \n\r instead of \r\n or just \r or just \n on their own? Edited January 24, 2010 by Wickham Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.