Posted by J.O. Aho on 02/28/07 20:40
rcoan@chaparralboats.com wrote:
> Steve, the ok.htm, error.htm and er.htm pages are not even built yet.
> I wanted to at least get the code working first before I built those
> pages. No I won't give the user a chance to review their info. Right
> now I'm just looking at the url to see if it went through or not.
> The difference in the er.htm and the error.htm are just so I could see
> where in the code it was getting kicked back.
>
> Listen guys, I'm a total newbie at php. This is the first script of
> php I've ever written (as I'm sure it shows) so you responding by:
> $emailInput = array($to, $from, $cc, $bcc, $subject, $message);
> $injections = array('to', 'from', 'cc', 'bcc');
> foreach ($emailInput as $input)
> {
>     foreach ($injections as $injection)
>     {
>         $input = preg_replace("/n?" . $injection . "\s*?:.*?\n/i", '', $input);
>     }
> }
>
> just confuses the hell out of me. I have no idea what that does and
> how it does it. You gave me no explanation other than... "something
> like this is a far more appropriate step: "
Have you used the online manual?
http://www.php.net/manual-lookup.php?lang=en&function=&x=6&y=4
Just click on the function name to get more information, or enter
the function name into the input field.
As I pointed out before, read the user comments too; there are often
good hints and more examples.
For predefined variables, take a look at
http://www.php.net/manual/en/reserved.variables.php
A hint: take a look at header() to see how to redirect to another page;
it's just stupid to use those meta tags for that. If you are testing, then
it's really better to echo out a message than redirect to a new page, and
for errors I wouldn't redirect to a new page, as I want to be able to
output exactly what went wrong (of course it's possible to log the
errors to the logfile, but it's easier to see it on the screen at once).
> I came on here
> asking for help or suggestions and you bashing my ignorance of php
> (which I've admitted) is not really helping me out any at all,
> actually it's just making me feel more like shit b/c I've been sitting
> here looking at this code for two days now and I've tried everything
> that I know of to make this work.
Not sure if you read my first post in this thread, but if you had read
it, you may have seen why it didn't work, POST != GET
> You guys have addressed security concerns
mail() is many times used quite lightly, and there have been many who have
had their mail forms used by spammers; there have even been people
visiting comp.mail.sendmail asking why spammers have been able to send mail
from their mail server even though they have denied all mail relays. It doesn't
take long for those spammers to find the mail forms; it can take less than
a week. That's why we talk so much about it.
--
//Aho
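
Added example, not part of the original post or the thread's code: one way to guard a mail form against the header injection discussed above is to reject any header-bound field that contains a line break instead of trying to strip header names out of it, and to print the reason on screen rather than redirecting. The field names, the fixed recipient and the sample submissions are assumptions made up for illustration.

```php
<?php
// Added example. The recipient is fixed in code (a constructed address) and
// is never taken from the form, so a submitter cannot choose where mail goes.
const RECIPIENT = 'webmaster@example.com';

/** True if a value destined for a mail header contains no CR or LF. */
function is_header_safe(string $value): bool
{
    // A CR or LF would let the submitter start a new header line (e.g. Bcc:).
    return preg_match('/[\r\n]/', $value) === 0;
}

/** Validate the form fields; returns a list of errors (empty means OK). */
function validate_mail_form(array $post): array
{
    $errors = [];
    foreach (['from', 'subject'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || $value === '') {
            $errors[] = "$field is missing";
        } elseif (!is_header_safe($value)) {
            $errors[] = "$field contains a line break";
        }
    }
    // Only check the address syntax once the basic checks have passed.
    if (!$errors && filter_var($post['from'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'from is not a valid e-mail address';
    }
    return $errors;
}

// Constructed submissions: a normal one and one carrying an extra header line.
$samples = [
    'normal'   => ['from' => 'visitor@example.com', 'subject' => 'Brochure request'],
    'injected' => ['from' => "visitor@example.com\r\nBcc: list@example.net",
                   'subject' => 'Hi'],
];

foreach ($samples as $name => $post) {
    $errors = validate_mail_form($post);
    // Echo the outcome on screen, which is easier to debug than a redirect.
    echo $name, ': ', $errors ? implode('; ', $errors) : 'ok', "\n";
}
```

In a real handler the array passed in would be $_POST, and mail() would be called only when the returned list is empty.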