Posted by Oli Filth on 10/25/05 02:54

Tobierre said the following on 25/10/2005 00:27:
> Hi All,
>
> I want to filter user input from a form to guard against mail injection.
> I'm a complete novice when it comes to regular expressions! But I've
> managed to pull together the below code together from reading around various
> sites etc.
>
> $filter[] = preg_match("/\\\N/ i", $string);
> $filter[] = preg_match("/\\\R/ i", $string);
> $filter[] = preg_match("/bcc:/ i", $string);
> $filter[] = preg_match("/to:/ i", $string);
> $filter[] = preg_match("/content-type/ i", $string);
>
> if(array_sum($filter) > 0)
> {
> //redirect user and do not send mail
> }
> else
> {
> //send mail and display thank you
> }
>
> What I wanted to know, is this the most efficient way of doing this with
> Regular Expressions? or does anyone know of any native PHP functions that
> can do the same quicker?
>

For a start, if all you're doing is simple string searching, there's no
point in using preg_match(). strpos() (or stripos()) is more appropriate.


--
Oli

[Back to original message]