
PHP Sanitize For Contact Form

Posted: Wed Jan 28, 2009 8:07 pm
by paqman
Anyone have a good tutorial on using the built-in PHP filtering functions for an email contact form in PHP? I've been playing around with it but am running into problems. To validate their email address,


filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)
works just fine. I'm trying to sanitize their name, subject and message using something like


$name = filter_input(INPUT_POST, $_POST["name"], FILTER_SANITIZE_STRING);
clears $name.

I know I'm making a dumb mistake, but I'm not sure what it is. Thanks!

Re: PHP Sanitize For Contact Form

Posted: Wed Jan 28, 2009 8:29 pm
by requinix


$name = filter_input(INPUT_POST, $_POST["name"], FILTER_SANITIZE_STRING);
The variable name is supposed to be just the name, not the entire variable. That's what the INPUT_POST is there for.


$name = filter_input(INPUT_POST, "name", FILTER_SANITIZE_STRING);
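
An added example, not part of the thread: the four contact-form fields handled end to end, with each field looked up by name as in the corrected call above. FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, so this sketch swaps in FILTER_UNSAFE_RAW with FILTER_FLAG_STRIP_LOW plus strip_tags(); the function name clean_contact_form() and the sample input are assumptions, and filter_var() on an array is used instead of filter_input() so the script also runs from the command line.

```php
<?php
// Added example, not code from the thread. clean_contact_form() and the sample
// input are constructed; the field names are the ones used in the posts.
function clean_contact_form(array $post): array
{
    $errors = [];

    // In a live request this is filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL):
    // the second argument is the field name. It returns null when the field is
    // absent and false when validation fails.
    $email = filter_var($post["email"] ?? "", FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = "email";
    }

    // name and subject are single-line fields: FILTER_FLAG_STRIP_LOW removes
    // characters below ASCII 32, which includes CR and LF.
    $clean = ["email" => $email];
    foreach (["name", "subject"] as $field) {
        $value = filter_var($post[$field] ?? "", FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW);
        $clean[$field] = trim(strip_tags((string) $value));
        if ($clean[$field] === "") {
            $errors[] = $field;
        }
    }

    // The message body keeps its line breaks; only markup is removed here.
    // Escape with htmlspecialchars() wherever it is later shown in HTML.
    $message = $post["message"] ?? "";
    $clean["message"] = is_string($message) ? trim(strip_tags($message)) : "";
    if ($clean["message"] === "") {
        $errors[] = "message";
    }

    return ["clean" => $clean, "errors" => $errors];
}

// Constructed sample input standing in for $_POST.
$sample = [
    "email"   => "visitor@example.com",
    "name"    => "Alice\r\n<b>Smith</b>",
    "subject" => "Question about an order",
    "message" => "Hello,\nplease call me back.",
];
$result = clean_contact_form($sample);
var_dump($result["clean"], $result["errors"]);
```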