baffled by stripos

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
oboedrew
Forum Commoner
Posts: 78
Joined: Fri Feb 20, 2009 1:17 pm

baffled by stripos

Post by oboedrew »

I'm a bit baffled by php's stripos function. This is my first attempt at using it. I'm trying to use it to prevent header injection in a contact form.

Code: Select all

 
if(stripos($message, 'to:') || 
    stripos($message, 'cc:') || 
    stripos($message, 'bcc:') || 
    stripos($message, 'content-type:') || 
    stripos($message, 'mime-version:') || 
    stripos($message, 'content-transfer-encoding:'))
{
    displays warning, does not send email
}
else{
    sends email
}
 
Strangely, this works only if two or more of the prohibited strings are included in the message, but the message goes through with no warning displayed if only one of the prohibited strings is included. Can anyone explain this to me?

Thanks,
Drew
Mark Baker
Forum Regular
Posts: 710
Joined: Thu Oct 30, 2008 6:24 pm

Re: baffled by stripos

Post by Mark Baker »

Firts thing to watch for with strpos() or stripos() is the needle you're looking for being found at position 0 in the haystack. 0 is also b00llean False unless you're using strong type checking.

if((stripos($message, 'to:') !== False))
oboedrew
Forum Commoner
Posts: 78
Joined: Fri Feb 20, 2009 1:17 pm

Re: baffled by stripos

Post by oboedrew »

Ah, I get it. The position of "to:" was 0 because it's the first thing I typed in the test message. Makes perfect sense now.

Thanks,
Drew
Post Reply