Hi Chris,
I couldn't convert the code you were using.
Here are some ideas. It's not finished by any means, and I've left out actually
sending the emails for testing.
You can either strip tags out, use preg_match or various other things to make
sure nothing can be injected that you don't want.
Since you're using a form, I've used $_POST instead of $_GET.
If you look at the email, it will only allow the valid characters, then check
if it's in the correct format, or be ignored.
You need to do this with every input.
Example: with a name, you could just allow letters, spaces and maybe a '
It's up to you what you allow.
Bob.
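<?php
// Initialise everything the template reads, so nothing is undefined on first load.
$name = $email = $phone = $subject = $message = "";
$errName = $errEmail = $errPhone = $errSubject = $errMessage = 0;
$errors = "";
if (isset($_POST['submit'])) {
// Read only the expected fields; extract($_POST) would let the request set any variable.
foreach (array('name', 'email', 'phone', 'subject', 'message') as $field) {
if (isset($_POST[$field]) && is_string($_POST[$field])) { $$field = trim($_POST[$field]); }
}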
$format = "/^[-_a-z0-9]+(\.[-_a-z0-9]+)[EMAIL
PROTECTED](\.[-a-z0-9]+)*\.[a-z]{2,6}$/i";
if (!preg_match("/[EMAIL PROTECTED]/i",$email) ||
!preg_match($format,$email)) {
$errEmail=1;
$errors.="Invalid email address<br />";
}
if (!preg_match("/[0-9]/",$phone) || strlen($phone)<5) {
$errPhone=1;
$errors.="Invalid telephone number<br />";
}
if (strlen($name)<2) {$errName=1;}
if (strlen($subject)<2) {$errSubject=1;}
if (strlen($message)<2) {$errMessage=1;}
if ($errName || $errEmail || $errPhone || $errSubject || $errMessage) {
echo "<b>Errors: Missing or invalid fields</b><br />$errors";
}
else {
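// Escape on output even though the address has been validated.
echo "<p>Email sent to: " . htmlspecialchars($email, ENT_QUOTES) . "</p>";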
exit;
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Form processing with PHP</title>
</head>
<body>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post">
<table cellspacing="0" cellpadding="5" border="0">
<tr>
<td><?php if ($errName) echo "<font color='red'>*</font>"; ?> Your Name:</td>
<td><input type="text" name="name" size="26" value="<?php echo htmlspecialchars($name, ENT_QUOTES); ?>" /></td>
</tr>
<tr>
<td><?php if ($errEmail) echo "<font color='red'>*</font>"; ?> Your Email:</td>
<td><input type="text" name="email" size="26" value="<?php echo htmlspecialchars($email, ENT_QUOTES); ?>" /></td>
</tr>
<tr>
<td><?php if ($errPhone) echo "<font color='red'>*</font>"; ?> Your Phone:</td>
<td><input type="text" name="phone" size="26" value="<?php echo htmlspecialchars($phone, ENT_QUOTES); ?>" /></td>
</tr>
<tr>
<td><?php if ($errSubject) echo "<font color='red'>*</font>"; ?> Subject:</td>
<td><input type="text" name="subject" size="26" value="<?php echo htmlspecialchars($subject, ENT_QUOTES); ?>" /></td>
</tr>
<tr>
<td valign="top"><?php if ($errMessage) echo "<font color='red'>*</font>"; ?> Message:</td>
<td><p><textarea name="message" cols="34" rows="4"><?php echo htmlspecialchars($message, ENT_QUOTES); ?></textarea></p>
<p><input type="submit" name="submit" value="Send Mail" /></p></td>
</tr>
</table>
</form>
</body>
</html>
----- Original Message -----
From: "Chris" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, January 30, 2006 8:21 PM
Subject: RE: [php-list] Need help on a php form
> Hi Bob,
>
> The forms always worked - it was the protection
> that I was looking for help on ;-(
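
The per-field checks described in the reply above, written as one allow-list validator; this is an added example, not part of the original post. The patterns and length limits are assumptions, and the email check uses PHP's built-in filter_var() rather than a hand-written pattern.

```php
<?php
// Allow-list rules per field (assumed limits; adjust to what you accept).
const RULES = [
    'name'    => "/^[a-z][a-z' -]{1,49}\\z/i",     // letters, spaces, ' and -
    'phone'   => '/^\+?[0-9][0-9 ()-]{4,19}\z/',   // digits plus common separators
    'subject' => '/^[^\x00-\x1f\x7f]{2,100}\z/',   // no control chars, so no CR/LF
];

function validate_contact(array $post): array
{
    $clean = [];
    $errors = [];
    foreach (['name', 'email', 'phone', 'subject', 'message'] as $field) {
        // Missing or non-string input (e.g. name[]=x arrays) counts as empty.
        $value = isset($post[$field]) && is_string($post[$field]) ? trim($post[$field]) : '';
        if ($field === 'email') {
            $ok = filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
        } elseif ($field === 'message') {
            // Body text may contain newlines; only bound the length.
            $ok = strlen($value) >= 2 && strlen($value) <= 5000;
        } else {
            $ok = preg_match(RULES[$field], $value) === 1;
        }
        if ($ok) {
            $clean[$field] = $value;
        } else {
            $errors[] = $field;
        }
    }
    return [$clean, $errors];
}

// Constructed sample input: the subject carries an embedded CRLF.
$sample = [
    'name'    => "Pat O'Neil",
    'email'   => 'pat@example.com',
    'phone'   => '+44 20 7946 0000',
    'subject' => "Hello\r\nX-Extra: 1",
    'message' => "Line one\nLine two",
];
[$clean, $errors] = validate_contact($sample);
echo 'Rejected: ', implode(', ', $errors), "\n";
// Validation decides what is accepted; escaping is still applied at output time.
echo 'Name for HTML: ', htmlspecialchars($clean['name'], ENT_QUOTES, 'UTF-8'), "\n";
```

Only values in `$clean` should reach the mail headers or the page; rejected fields are reported by name so the form can flag them.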