The following is the php script as is:
<?php
if(isset($_POST['email'])) {
// EDIT THE 2 LINES BELOW AS REQUIRED
$email_to = "my email";
$email_subject = "Website enquiry";
function died($error) {
// your error code can go here
echo "We are very sorry, but there are problems with the form you submitted. ";
echo "These errors appear below.<br /><br />";
echo $error."<br /><br />";
echo "Please go back and fix these errors.<br /><br />";
die();
}
// validation expected data exists
if(!isset($_POST['forname']) ||
!isset($_POST['surname']) ||
!isset($_POST['email']) ||
!isset($_POST['textarea'])) {
died('We are sorry, but there appears to be a problem with the form your submitted.');
}
$first_name = $_POST['forname'];
$last_name = $_POST['surname'];
$email_from = $_POST['email'];
$comments = $_POST['textarea'];
$error_message = "";
// eregi() was removed in PHP 7; preg_match() with the i modifier replaces it.
// The D modifier stops "$" from matching before a trailing newline.
$email_exp = '/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/iD';
if(!preg_match($email_exp,$email_from)) {
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';
}
$string_exp = "/^[a-z .'-]+$/iD";
if(!preg_match($string_exp,$first_name)) {
$error_message .= 'The First Name you entered does not appear to be valid.<br />';
}
if(!preg_match($string_exp,$last_name)) {
$error_message .= 'The Last Name you entered does not appear to be valid.<br />';
}
if(strlen($comments) < 2) {
$error_message .= 'The Comments you entered do not appear to be valid.<br />';
}
if(strlen($error_message) > 0) {
died($error_message);
}
$email_message = "Form details below.\n\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
$email_message .= "First Name: ".clean_string($first_name)."\n";
$email_message .= "Last Name: ".clean_string($last_name)."\n";
$email_message .= "Email: ".clean_string($email_from)."\n";
$email_message .= "Comments: ".clean_string($comments)."\n";
// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);
?>
<!-- include your own success html here -->
<?php
}
?>
If someone could show me what and where to add, so a user is unable to enter either:
[whatever,...] or:
www.whatever
I would be most grateful.
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
What I think you want to do is iterate through your $bad array. Second, it's a Good Idea to use regexps for case-insensitivity and attempts to circumnavigate (Bcc : works as well as bcc:):
// Note that 'b*cc[^\:]*:' in a regexp catches CC too.
// zero or more "b" followed by cc . . . .
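function clean_string($string) {
// Start from the input so each pattern is applied to the previous result,
// not to the original string (otherwise only the last pattern takes effect).
$newstring = $string;
$bad = array('content-type','b*cc[^\:]*:','to[^\:]*:','href');
foreach ($bad as $killme) {
$newstring = preg_replace("/$killme/i","",$newstring);
}
return $newstring;
}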
Here is what I use [webmasterworld.com] with a few more extended features that answers your question about regular and BB-code style link drops.
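<?php
// Slashes inside the pattern are escaped because "/" is the delimiter;
// the i modifier lets the A-Z classes match lower-case URLs as well.
$pattern = '/\b(https?|ftp|file):\/\/[-A-Z0-9+&@#\/%?=~_|!:,.;]*[-A-Z0-9+&@#\/%=~_|]/i';
if(preg_match($pattern, $comments)){
//URL detected in comments
}
?>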
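The checks discussed in this thread, combined into one routine that rejects a submission instead of stripping strings from it. This is an added example, not code from any post here. The function names are hypothetical, the field names are those of the form above, and the BB-code tag names are an assumption.

```php
<?php
// Added example; function names are hypothetical, field names are the thread's.

// True if $text carries a link: a scheme URL, a bare www. host, or a
// BB-code tag such as [url=...] (the tag names listed are an assumption).
function contains_link(string $text): bool {
    $patterns = [
        '~\b(?:https?|ftp|file)://\S+~i',        // http://host/path
        '~\bwww\.[a-z0-9-]+~i',                  // www.whatever
        '~\[/?(?:url|link|img)\b[^\]]*\]~i',     // [url=...] ... [/url]
    ];
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $text) === 1) {
            return true;
        }
    }
    return false;
}

// Returns a list of error strings; an empty list means "accept".
function validate_submission(array $post): array {
    foreach (['forname', 'surname', 'email', 'textarea'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return ["Missing field: $field"];
        }
    }
    $errors = [];
    // CR or LF in a value placed in From:/Reply-To: would start a new header.
    if (preg_match('/[\r\n]/', $post['email']) === 1
        || filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid email address.';
    }
    foreach (['forname', 'surname', 'textarea'] as $field) {
        if (contains_link($post[$field])) {
            $errors[] = "Links are not allowed in $field.";
        }
    }
    return $errors;
}

// Constructed sample submissions.
$base = ['forname' => 'Ann', 'surname' => 'Lee', 'email' => 'ann@example.com'];
$samples = [
    'plain text' => $base + ['textarea' => 'Please call me back.'],
    'bare www'   => $base + ['textarea' => 'see www.whatever for details'],
    'bb-code'    => $base + ['textarea' => '[url=whatever]click[/url]'],
    'header'     => ['email' => "ann@example.com\r\nBcc: x@example.com"] + $base + ['textarea' => 'hi'],
];
foreach ($samples as $name => $post) {
    echo $name, ': ', implode(' ', validate_submission($post)) ?: 'accepted', "\n";
}
```

In the form handler, the returned errors would be passed to died() before $headers is built, so a rejected address never reaches mail().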