PHP Sanitize For Contact Form

Post by paqman »

Anyone have a good tutorial on using the built-in PHP filtering functions for an email contact form in PHP? I've been playing around with it but am running into problems. To validate their email address,

filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)
works just fine. I'm trying to sanitize their name, subject and message using something like

$name = filter_input(INPUT_POST, $_POST["name"], FILTER_SANITIZE_STRING);
clears $name.

I know I'm making a dumb mistake, but I'm not sure what it is. Thanks!

Re: PHP Sanitize For Contact Form

Post by requinix »

$name = filter_input(INPUT_POST, $_POST["name"], FILTER_SANITIZE_STRING);
The variable name is supposed to be just the name, not the entire variable. That's what the INPUT_POST is there for.

$name = filter_input(INPUT_POST, "name", FILTER_SANITIZE_STRING);
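An added example, not part of either post above: it shows why the question's call shape comes back empty (the submitted value is looked up as if it were a field name) and one way to clean all four contact-form fields. Assumptions: `post_field()` and `clean_contact_form()` are hypothetical helpers, and the `$post` array is constructed sample data; because `filter_input()` only reads a real request, the lookup is modelled with `filter_var()` over that array so the script runs from the command line. `FILTER_SANITIZE_STRING` is deprecated as of PHP 8.1, so the example uses `FILTER_UNSAFE_RAW` with `FILTER_FLAG_STRIP_LOW` for header-bound fields and `htmlspecialchars()` at output time instead.

```php
<?php
declare(strict_types=1);

// Constructed sample submission standing in for the POST body of a real request.
$post = [
    'name'    => 'Alice <b>Example</b>',
    'email'   => 'alice@example.com',
    'subject' => "Question \r\nabout pricing",
    'message' => "Hi,\nis <plan A> still available?",
];

// Hypothetical helper modelling filter_input(INPUT_POST, $key, $filter, $flags):
// it looks the field up by NAME and returns null when no such field was sent.
function post_field(array $post, string $key, int $filter = FILTER_UNSAFE_RAW, int $flags = 0)
{
    return array_key_exists($key, $post) ? filter_var($post[$key], $filter, $flags) : null;
}

// Validate and clean the four contact-form fields; returns [clean values, error list].
function clean_contact_form(array $post): array
{
    $errors = [];
    $email = post_field($post, 'email', FILTER_VALIDATE_EMAIL);
    if ($email === null || $email === false) {
        $errors[] = 'email';
    }
    $clean = ['email' => $email];
    // Name and subject end up in mail headers: strip control characters (CR/LF included).
    foreach (['name', 'subject'] as $key) {
        $value = post_field($post, $key, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW);
        $clean[$key] = trim((string) $value);
    }
    // The message body keeps its line breaks; escape it only where it is shown as HTML.
    $clean['message'] = trim((string) post_field($post, 'message'));
    foreach (['name', 'subject', 'message'] as $key) {
        if ($clean[$key] === '') {
            $errors[] = $key;
        }
    }
    return [$clean, $errors];
}

// The question's call shape: the submitted value used as the field name finds nothing.
var_dump(post_field($post, $post['name']));

[$clean, $errors] = clean_contact_form($post);
var_dump($clean, $errors);
echo htmlspecialchars($clean['message'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```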