Wolverine68 Posted June 10, 2008 Share Posted June 10, 2008 I'm trying to add more security to a request form that will prevent header injections. Upon submission I get the following error: "Parse error: parse error, unexpected ';' in cgi-bin/feedback9.php on line 15. Why would it flag the semi-colon? <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html> <body> <?php $checkbox0 = $_POST['Programs'][0]; $checkbox1 = $_POST['Programs'][1]; $checkbox2 = $_POST['Programs'][2]; $checkbox3 = $_POST['Programs'][3]; $checkbox4 = $_POST['Programs'][4]; $checkbox5 = $_POST['Programs'][5]; ?> <?php $formBody= preg_replace("([\r\n])", "", "Name:$name\nEmail:$email\nPhone:$phone\nAddress:$address\nI'd like more information on the following programs: $checkbox0, $checkbox1, $checkbox2, $checkbox3, $checkbox4, $checkbox5 \nComments:$comments"; $headers = preg_replace("([\r\n])", "", "From:$email"; $match = "/ (bcc:|cc:|content\-type:)/i"; if (preg_match($match, $formBody) || preg_match($match, $headers)) { die("Header injections have been found."); } if(isset($submit)) { mail("[email protected]", "Information Request",$formBody, $headers); }else{ die("Direct access is prohibited."); } if ($submit) { print "Thank you. Your request has been submitted <br /> <br />"; print "Current date and time :" print date("F j, Y g:i A T"); } ?> </body> </html> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title>Request Form</title> </head> <body background="#EEEEEE"> <h3 align="center">Information Request Form</h3> <div> <form action="cgi-bin/feedback9.php" method="post"> <hr width="100%"> <p>Name:     <INPUT TYPE="text" SIZE="35" name="name"></p> <p>E-mail:    <INPUT TYPE="text" SIZE="35" name="email"></p> <p>Phone:    <INPUT TYPE="text" SIZE="35" name="phone"></p> <p>Address:<INPUT TYPE="text" SIZE="35" name="address"></p><br> I would like more information on the following (check all that apply):<br> <INPUT TYPE="checkbox" NAME="Programs[]" VALUE="Adult Sunday School">Adult Sunday School<br> <INPUT TYPE="checkbox" NAME="Programs[]" VALUE="Bible Studies"">Bible Studies<br> <INPUT TYPE="checkbox" NAME="Programs[]" VALUE="Children's Programs">Children's programs<br> <INPUT TYPE="checkbox" NAME="Programs[]" VALUE="Missions">Missions<br> <INPUT TYPE="checkbox" NAME="Programs[]" VALUE="Music">Music/Choir<br> <INPUT TYPE="checkbox" NAME="Programs[]" VALUE="Youth">Youth group<br><br> Please add any additional comments or questions in the box below:<br> <TEXTAREA NAME="comments" ROWS=10 COLS=60> </TEXTAREA> <br><br> <input type="submit" name="submit" value="Submit"><br<br> <hr width="100%"> </div> </body> </html> Link to comment https://forums.phpfreaks.com/topic/109488-parse-error-when-submitting-form/ Share on other sites More sharing options...
DarkerAngel Posted June 10, 2008 Share Posted June 10, 2008 change: <?php $formBody= preg_replace("([\r\n])", "", "Name:$name\nEmail:$email\nPhone:$phone\nAddress:$address\nI'd like more information on the following programs: $checkbox0, $checkbox1, $checkbox2, $checkbox3, $checkbox4, $checkbox5 \nComments:$comments"; ?> to <?php $formBody= preg_replace("([\r\n])", "", "Name:$name\nEmail:$email\nPhone:$phone\nAddress:$address\nI'd like more information on the following programs: $checkbox0, $checkbox1, $checkbox2, $checkbox3, $checkbox4, $checkbox5 \nComments:$comments"); ?> Your missing an ')' Link to comment https://forums.phpfreaks.com/topic/109488-parse-error-when-submitting-form/#findComment-561632 Share on other sites More sharing options...
Wolverine68 Posted June 10, 2008 Author Share Posted June 10, 2008 Thanks. Good eye. Now, upon submission, I get "Parse error: parse error, unexpected T_PRINT in cgi-bin/feedback9.php on line 33" Before I added the code to prevent header injections, those print statements worked. I didn't add or modify anything around that bit of code. Why would it have a problem now? Link to comment https://forums.phpfreaks.com/topic/109488-parse-error-when-submitting-form/#findComment-561654 Share on other sites More sharing options...
Wolverine68 Posted June 10, 2008 Author Share Posted June 10, 2008 bump Link to comment https://forums.phpfreaks.com/topic/109488-parse-error-when-submitting-form/#findComment-562103 Share on other sites More sharing options...
jonsjava Posted June 10, 2008 Share Posted June 10, 2008 cleaned up the code <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html> <body> <?php $checkbox0 = $_POST['Programs'][0]; $checkbox1 = $_POST['Programs'][1]; $checkbox2 = $_POST['Programs'][2]; $checkbox3 = $_POST['Programs'][3]; $checkbox4 = $_POST['Programs'][4]; $checkbox5 = $_POST['Programs'][5]; ?> <?php $formBody= preg_replace("([\r\n])", "", "Name:$name\nEmail:$email\nPhone:$phone\nAddress:$address\nI'd like more information on the following programs: $checkbox0, $checkbox1, $checkbox2, $checkbox3, $checkbox4, $checkbox5 \nComments:$comments"); $headers = preg_replace("([\r\n])", "", "From:$email"); $match = "/ (bcc:|cc:|content\-type:)/i"; if (preg_match($match, $formBody) || preg_match($match, $headers)) { die("Header injections have been found."); } if(isset($submit)) { mail("[email protected]", "Information Request",$formBody, $headers); }else{ die("Direct access is prohibited."); } if ($submit) { print "Thank you. Your request has been submitted <br /> <br />"; print "Current date and time :"; print date("F j, Y g:i A T"); } ?> </body> </html> Link to comment https://forums.phpfreaks.com/topic/109488-parse-error-when-submitting-form/#findComment-562110 Share on other sites More sharing options...
Wolverine68 Posted June 10, 2008 Author Share Posted June 10, 2008 What did you change in the code? I don't see anything different. Link to comment https://forums.phpfreaks.com/topic/109488-parse-error-when-submitting-form/#findComment-562177 Share on other sites More sharing options...
Wolverine68 Posted June 10, 2008 Author Share Posted June 10, 2008 Oh, I see it. I didn't have a ; at the end of print "Current date and time :" Thanks. Link to comment https://forums.phpfreaks.com/topic/109488-parse-error-when-submitting-form/#findComment-562186 Share on other sites More sharing options...
Barand Posted June 10, 2008 Share Posted June 10, 2008 They aren't too difficult for you to find. If you get an "unexpected X" then there is something missing before the X. Link to comment https://forums.phpfreaks.com/topic/109488-parse-error-when-submitting-form/#findComment-562344 Share on other sites More sharing options...
Wolverine68 Posted June 11, 2008 Author Share Posted June 11, 2008 It is working, but when the submitted information arrives in the e-mail it is all scrunched together. So, by using this script to make your forms more secure, I take it you're sacrificing neatness, since the line breaks are stripped away? <br> tags aren't going to work. Link to comment https://forums.phpfreaks.com/topic/109488-parse-error-when-submitting-form/#findComment-562668 Share on other sites More sharing options...
Wolverine68 Posted June 11, 2008 Author Share Posted June 11, 2008 This code takes away the line breaks, so when the form is submitted, the information shows up in the destination e-mail address all scrunched together. $formBody= preg_replace("([\r\n])", "", I found that if I put "|||||" instead of "", it will put some space between Name, E-mail, phone, address, and comments or if I simply put blank space between the quotation marks. But, is there another way I can have Name, E-mail, address, phone, and comments on separate lines but not sacrificing the security? Link to comment https://forums.phpfreaks.com/topic/109488-parse-error-when-submitting-form/#findComment-562771 Share on other sites More sharing options...
TravisJRyan Posted June 11, 2008 Share Posted June 11, 2008 ... Link to comment https://forums.phpfreaks.com/topic/109488-parse-error-when-submitting-form/#findComment-562775 Share on other sites More sharing options...
Wolverine68 Posted June 11, 2008 Author Share Posted June 11, 2008 Could you elaborate on that please? Are you saying that instead of $formBody= preg_replace("([\r\n])", "", it should be $formBody= preg_replace("([\r\n])", " ... ", ? Link to comment https://forums.phpfreaks.com/topic/109488-parse-error-when-submitting-form/#findComment-562783 Share on other sites More sharing options...
Wolverine68 Posted June 11, 2008 Author Share Posted June 11, 2008 bump Link to comment https://forums.phpfreaks.com/topic/109488-parse-error-when-submitting-form/#findComment-563158 Share on other sites More sharing options...
Wolverine68 Posted June 12, 2008 Author Share Posted June 12, 2008 bump Link to comment https://forums.phpfreaks.com/topic/109488-parse-error-when-submitting-form/#findComment-563533 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.