PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I'll admit it right up front that I'm a complete newbie and am having trouble. I have tried searching for the answer to this and get the concept but can't make it work. I've just set up a form and understand that filtering out certain characters to prevent spamming and injection of headers is the wise thing to do. I've tried various bits of code but it's just not happening. If anyone could be so kind as to post back the full code including the below so I can see where it goes and what variables are used, I'd be very grateful. Any other tips on things to implement along these lines would be appreciated too (thinking of using a Captcha on the form page, but one step at a time...). Thanks
Thanks. That's the kind of code I've been playing with. I can make it strip out the characters after the $body is defined but how do I apply it to the array - which I think I should be doing?
I'm sorry, this is probably very basic stuff and I do intend to get the basics understood asap, but clearly I'm stumbling right now. Thanks for the help.
You can loop through the array like you do when creating the body of the message; sanitizeFunction() will be something like the example in url, which will sanitize each of the values. Once this is done you continue as normal, passing $cleanField to the next foreach loop as opposed to $fields.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
I have a headache... I figured when I saw the last post "oh makes perfect sense", but the result of the below code is no user submitted info coming through on the email. It's like everything is stripped out or the variable being used is empty. Clearly I have far to go, but one last helping hand? Thanks again
Nope. I now have the below. Changed the curly to square, tested without the function and the info came through. Put in the sanitizing exactly as below and no data comes through, just the data labels...
Try modifying the sanitize function like above. Until you mentioned the labels I wondered how you passed the data along. Note that if you use a value in your form like 'Phone Number' it's possible that you will not get the data passed from the form (if you have error reporting enabled this will show up as a notice: "Undefined index"); opt for PhoneNumber or anything that doesn't contain a space.
Sorry, still not working. I've included below the HTML form on the contact.htm page. This calls contact.php as the action. The full PHP code is under that. The addition of the POST as suggested resulted in all the labels being stripped and just city and firm data showing up as labels in the received email. I appreciate all the time being donated re this.
<?php
// Names of the form fields; these must match the name="" attributes in the HTML form.
$fields = array(
    'NameFirst',
    'NameLast',
    'Firm',
    'City',
    'Email',
    'Phone',
    'Message',
);

// Remove carriage returns, line feeds, tabs and their percent-encoded forms, so a
// submitted value can never start a new line inside a mail header.
function sanitizeFunction($string) {
    return preg_replace('/(?:\n|\r|\t|%0A|%0D|%08|%09)+/i', '', $string);
}

// Build a new array of sanitized values. isset() avoids an "Undefined index"
// notice when a field is missing from the POST (e.g. a field name with a space).
$cleanField = array();
foreach ($fields as $value) {
    $cleanField[$value] = isset($_POST[$value]) ? sanitizeFunction($_POST[$value]) : '';
}

// Build the message body from the sanitized array, not from $_POST or $_REQUEST.
$body = "The following information has been submitted via the website:\n\n";
foreach ($cleanField as $a => $b) {
    $body .= sprintf("%20s: %s\n\n", $a, $b);
}
?>
Tested this code and it works. The problem was likely with the $cleanField foreach loop. Note that if you use $_REQUEST[$a] in the sprintf function you will be using data that has not been sanitized by the sanitizeFunction() function.
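As an added example (not code from anyone in this thread), the script below shows what the CR/LF stripping in sanitizeFunction() actually defends against: a submitted address that ends the From: line early and smuggles in a Bcc: header. It stands in a constructed array for $_POST, never calls mail(), and only builds and prints the header block. The stripping function, the placeholder sender address webform@example.com and the field names are assumptions for the demo; the stricter validEmailOrNull() uses PHP's built-in filter_var() and is an alternative to, not a transcription of, the thread's approach.

```php
<?php
// Added example, not code from the thread: demonstrates the e-mail header
// injection the sanitizer is meant to stop, and a stricter alternative.
// Nothing is sent; the header block is built as a string and printed.

// Constructed attacker input standing in for $_POST. The Email value ends the
// From: line early and smuggles in a Bcc: header.
$postData = array(
    'NameFirst' => 'Jane',
    'Email'     => "jane@example.com\r\nBcc: victim1@example.org, victim2@example.org",
    'Message'   => "Hello,\nPlease call me back.",
);

// Vulnerable: the submitted address is copied straight into the headers.
function buildHeadersUnsafe(array $post) {
    return "From: " . $post['Email'] . "\r\n"
         . "Reply-To: " . $post['Email'] . "\r\n";
}

// Same approach as the thread's sanitizeFunction(): remove CR, LF, TAB and
// their percent-encoded forms. (PHP has already URL-decoded the POST body once,
// so the %0A/%0D forms only matter for double-encoded input.)
function stripHeaderBreaks($string) {
    return preg_replace('/(?:\r|\n|\t|%0A|%0D|%08|%09)+/i', '', $string);
}

// Stricter for the address field: validate instead of silently repairing.
// Returns the address, or null when it is not one syntactically valid address.
function validEmailOrNull($string) {
    $filtered = filter_var(stripHeaderBreaks($string), FILTER_VALIDATE_EMAIL);
    return $filtered === false ? null : $filtered;
}

// Hardened: the header value is validated, and From: is a fixed address
// (webform@example.com is a placeholder; use one your mail host accepts).
function buildHeadersSafe(array $post) {
    $email = validEmailOrNull(isset($post['Email']) ? $post['Email'] : '');
    if ($email === null) {
        throw new InvalidArgumentException('Email field is not a valid address');
    }
    return "From: webform@example.com\r\n"
         . "Reply-To: " . $email . "\r\n";
}

// The body is a separate argument to mail(), so line breaks in it cannot add
// headers; only values that end up on a header line need the stripping.
function buildBody(array $fields, array $post) {
    $body = "The following information has been submitted via the website:\n\n";
    foreach ($fields as $name) {
        $value = isset($post[$name]) ? $post[$name] : '';
        $body .= sprintf("%20s: %s\n\n", $name, $value);
    }
    return $body;
}

echo "--- unsafe headers: the injected Bcc: becomes a real header line ---\n";
echo buildHeadersUnsafe($postData);

echo "--- safe headers with the malicious address: rejected ---\n";
try {
    echo buildHeadersSafe($postData);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}

echo "--- safe headers with a clean address ---\n";
$postData['Email'] = 'jane@example.com';
echo buildHeadersSafe($postData);

echo "--- body ---\n";
echo buildBody(array('NameFirst', 'Email', 'Message'), $postData);
```

Run it with `php` on the command line and compare the two header blocks. Two points follow from it: the thread's code runs the stripper over every field, including Message, so a multi-line message is flattened into one line, whereas only values that reach a header (the reply address, and the subject or recipient if the form ever supplies those) need it; and rejecting a bad address is safer than repairing it, because a stripped value such as "jane@example.comBcc: ..." is still garbage that a validator would have caught.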