```php
//$naughtybits is all the stuff you don't want appearing in an email
$naughtybits=array('\\','+',';','\n','\r','%0A','Content-Type:','MIME-Version:','Content-Transfer-Encoding:','bcc:','cc:','crap');
//Grab form data and clean
$yourname=str_replace($naughtybits,'',$_POST['yourname']);
```

It works fine on my home XAMPP setup (5.1.1) and on my host's server (4.4.1), but the person I did it for says it doesn't work on their setup.
I've checked the PHP manual and looked in phpinfo on my setups but can't see any reason why it wouldn't work. Any ideas?
And have I missed any naughtybits that could be used for email injection, or SQL injection for that matter?
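
An added example, not part of the original post: it runs the post's `$naughtybits` list over constructed inputs to show that single-quoted `'\n'` and `'\r'` are two-character strings in PHP, so real CR/LF bytes pass through, and puts a reject-on-control-character check beside it. `clean_header_value()`, its length limit and the sample values are assumptions made for illustration.

```php
<?php
// Added example: the list below is copied from the post; everything else is assumed.
$naughtybits = array('\\','+',';','\n','\r','%0A','Content-Type:','MIME-Version:',
    'Content-Transfer-Encoding:','bcc:','cc:','crap');

// Hypothetical helper: return a value that is safe to place in a mail header
// field, or null when the input must be refused.
function clean_header_value($value, $maxLen = 100)
{
    if (!is_string($value)) {
        return null;
    }
    $value = trim($value);
    // Reject rather than strip: any control character (CR, LF, NUL, ...) fails.
    if ($value === '' || strlen($value) > $maxLen
        || preg_match('/[\x00-\x1F\x7F]/', $value)) {
        return null;
    }
    return $value;
}

// Constructed sample inputs. Double quotes make \r\n real CR and LF bytes.
$samples = array(
    'plain'   => 'Alice Example',
    'crlf'    => "Alice\r\nBcc: someone@example.test",
    'literal' => 'Alice\nExample',   // backslash + n as typed text, not a newline
);

foreach ($samples as $label => $input) {
    // The post's approach: strip listed substrings (case-sensitive, in order).
    $stripped = str_replace($naughtybits, '', $input);
    $stillHasNewline = (bool) preg_match('/[\r\n]/', $stripped);

    // The alternative: validate and refuse.
    $checked = clean_header_value($input);

    printf("%-8s blacklist leaves CR/LF: %-3s  control-char check: %s\n",
        $label,
        $stillHasNewline ? 'yes' : 'no',
        $checked === null ? 'rejected' : 'accepted');
}
```

The header check does nothing for SQL; values that go into a query belong in bound parameters of a prepared statement rather than in a stripped string.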