I am working on having a form on a web page for submitting queries to an email address. I know this isn't exactly a good idea so I am working on checking the text area to see if there is any special characters (html tags opening, attempts to close php tags or quotes) however the two methods I have come up with to do so are failling.
My first attempt was to loop through the inputted string and check each character to see if it was a "<" tag but I kept getting a syntax error saying
Then I realised that this method could be very time consuming for longer queries so I decided to browse around to see other methods and came across regex which seemed much simpler to use with preg_match. So I made a short regex which would check the query had only characters from a small list of characters that I wanted to allow and would then return a message if it had even one unallowed character.Parse error: syntax error, unexpected $end in File goes here on line 59
When I tested this method I got exactly the same message (with a different line) as before. I have checked the line it refers to and all that's there is the end php tag and the line before closes an if statement.
This is the code I used for the regex one as it seems the most versatile:
Code: Select all
<?php
$comment = $_POST['contact_query'];
$sender = $_POST['contact_name'];
$email = $_POST['contact_email'];
$phone = $_POST['contact_phone'];
$header = "From: ".$sender;
$to = ("email address");
$subject = ("Query from website");
$sendMail = false;
$mask = "[^\w\s.!?,]";
$charCheck = preg_match($mask, $comment);
if ($charCheck == 0)
{
echo "You cannot submit a query containing special characters. Please go back and try again";
}
else
{
$sendmail = true;
}
if ($sendMail == true)
{
$body = <<< MAIL
$comment
Senders Name: $sender
Senders Email: $email
Senders Contact: $phone
MAIL;
if(mail($to, $subject, $body, $header))
{
header( 'Location: link to page') ;
}
else
{
echo "A Problem Occurred, Please Go Back and Try Again";
}
}
?>Also, if there is any other problems with my coding can you point it out to me please.
Your help is greatly appreciated.