Hi Chris,

No, it's not safe yet. Before you get into validating the data, using extract($_POST); is dangerous as it is. It allows variables to be guessed, then sent to your page.

You could use extract($_POST, EXTR_IF_EXISTS); after previously setting all the variables you are letting through. Some set these to $name=""; I read an article somewhere that you should give it a value, like $name="X"; Not sure why it would make a difference though?

Some say that a list of $name=$_POST['name']; etc. is best, as this makes it easy to see what variables are being used, especially for someone updating the page later. You can extract $_POST variables in a function, but it would be best for you to start simple.

To strip tags, you would use $name=strip_tags($name); or $message = strip_tags($_POST['message']);

There isn't a "one fix" piece of code that will suit everyone. You need to Google for a tutorial on using a form with php, or something like that.

Bob.

----- Original Message -----
From: "Chris" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Saturday, February 04, 2006 7:04 PM
Subject: RE: [php-list] PHP Form

> Hi Bob,
>
> I owe you an apology, I've got my scripts a bit
> mixed up - it's been a veeeeery long 2 months
> trying to get this form correct ;-(
>
> How's this?:
>
> Form:
> http://www.130605.com/4
>
> Code:
> http://www.130605.com/4.phps
>
> Is it all ok?
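The three approaches mentioned in the reply above, side by side, as an added example that is not part of the original message. `$post` is a constructed stand-in for `$_POST`, and the `is_admin` field and the function names are hypothetical.

```php
<?php
// Constructed stand-in for $_POST: the form has only "name" and "message",
// but the sender added an extra "is_admin" field (hypothetical name).
$post = [
    'name'     => 'Chris',
    'message'  => '<b>Hello</b> <script>alert(1)</script>',
    'is_admin' => '1',
];

// 1) Bare extract(): every key becomes a variable, so the extra field
//    overwrites state the script set itself (default flag is EXTR_OVERWRITE).
function bare_extract(array $post): array
{
    $is_admin = false;
    extract($post);
    return ['name' => $name, 'is_admin' => $is_admin];
}

// 2) EXTR_IF_EXISTS fills only variables that already exist in this scope.
//    Caveat: that includes $is_admin here, so it is still overwritten. The
//    flag is only a whitelist if nothing but the form fields is in scope.
function extract_if_exists(array $post): array
{
    $is_admin = false;
    $name = '';
    $message = '';
    extract($post, EXTR_IF_EXISTS);
    return ['name' => $name, 'is_admin' => $is_admin];
}

// 3) Explicit assignment: only the named fields are read, non-string values
//    (e.g. name[]=x arrays) are rejected, and strip_tags() removes markup.
function explicit_fields(array $post): array
{
    $is_admin = false;
    $field = function (string $key) use ($post): string {
        return isset($post[$key]) && is_string($post[$key]) ? strip_tags($post[$key]) : '';
    };
    return ['name' => $field('name'), 'message' => $field('message'), 'is_admin' => $is_admin];
}

foreach (['bare_extract', 'extract_if_exists', 'explicit_fields'] as $fn) {
    echo $fn, ': ', var_export($fn($post), true), "\n";
}
```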
