baffled by stripos
Posted: Thu Mar 12, 2009 11:25 am
I'm a bit baffled by php's stripos function. This is my first attempt at using it. I'm trying to use it to prevent header injection in a contact form.
Strangely, this works only if two or more of the prohibited strings are included in the message, but the message goes through with no warning displayed if only one of the prohibited strings is included. Can anyone explain this to me?
Thanks,
Drew
Code: Select all
if(stripos($message, 'to:') ||
stripos($message, 'cc:') ||
stripos($message, 'bcc:') ||
stripos($message, 'content-type:') ||
stripos($message, 'mime-version:') ||
stripos($message, 'content-transfer-encoding:'))
{
displays warning, does not send email
}
else{
sends email
}
Thanks,
Drew