|
|
Form Security
Date: 01/15/09
(PHP Community) Keywords: php, security, web
Anyone have any advice for form security? I've been trying to use the advice from this page, but it doesn't seem to be working... Specifically, what happens is I get the error page and then the email shows up anyways...
<![CDATA[ if (ereg( "[\r\n\\r\\n]", $lastname ) ||]]><![CDATA[ ereg( "[\r\n\\r\\n]", $email ) ||]]><![CDATA[ereg( "[\r\n\\r\\n]", $firstname )||]]><![CDATA[empty($email) || empty($firstname) ||]]><![CDATA[empty($lastname) || empty($zipcode) ) {]]><![CDATA[header( "Location: error.php" );]]><![CDATA[}]]>
<![CDATA[else {]]><![CDATA[mail( "blah@blah.com", "Website Form Request",]]><![CDATA[$message, "From: $email" );]]><![CDATA[header( "Location: thankyou.php" );]]><![CDATA[}]]>
I added the \\n and \\r because that was what was displaying when I'd test with a \n in the fields. This is my first time working with a form, so I'm sure I have a lot to learn...
Source: http://community.livejournal.com/php/653858.html
|