
PHP Form Security Lowercase Problem



Guest Recon
I have been using a simple PHP form with no security measures, but the form has recently come under heavy attack from spammers. For now, I've taken the form offline while I set up a more secure PHP form script (I'm a total newbie to PHP, btw).

[code]// Clean input in case of header injection attempts.
function clean_input_4email($value, $check_all_patterns = true)
{
    // Header names that must not appear in a value that ends up inside an email header.
    $patterns[0] = '/content-type:/';
    $patterns[1] = '/to:/';
    $patterns[2] = '/cc:/';
    $patterns[3] = '/bcc:/';
    if ($check_all_patterns)
    {
        // Raw line breaks and their URL-encoded forms.
        $patterns[4] = '/\r/';
        $patterns[5] = '/\n/';
        $patterns[6] = '/%0a/';
        $patterns[7] = '/%0d/';
    }
    // NOTE: str_ireplace would be case-insensitive, but it is only available from PHP 5.0.
    return preg_replace($patterns, "", strtolower($value));
}

$name = clean_input_4email($_POST['name']);
$email_address = clean_input_4email($_POST['email_address']);[/code]

This makes all the fields that are 'cleaned' lowercase, but I would like them to stay in the same case that they were entered in. I'm not using PHP 5.0 so I can't use str_ireplace.

How else can I make it work? Does it make it lowercase to reduce the number of patterns needed? If I added all the possible combinations of the patterns (i.e. To: tO: TO: to:), could I change

[code]return preg_replace($patterns, "", strtolower($value));[/code]

to something else? Thanks.
https://forums.phpfreaks.com/topic/13374-php-form-security-lowercase-problem/

If you are using preg_replace, use the [b]i[/b] pattern modifier in your expressions, like so:
$patterns[0] = '/content-type:/[b]i[/b]';
$patterns[1] = '/to:/[b]i[/b]';
$patterns[2] = '/cc:/[b]i[/b]';

The i makes the expression case-insensitive, so that Cc: is the same as cc:.

No need for strtolower. So place the letter i (eye) after your closing delimiter, which is the forward slash (/).
Guest Recon
Thank you. It works perfectly now. :)

One more question though.

[code]$email_address = clean_input_4email($_POST['email_address']);
$nationality = clean_input_4email($_POST['nationality'], false);
$location = clean_input_4email($_POST['location'], false);[/code]

This script lets me choose which fields I clean using the second set of patterns by adding 'false' at the end, like above. What do these extra patterns do? Should I use them for all fields? In the example script, they were only used for certain fields. What are they for? Their code means nothing to me. ???

Thanks again.
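Added example, not the original poster's script or the replier's code: it puts the /i modifier advice from the answer above into the cleaning function so values keep their case, and it shows what the second group of patterns (CR, LF, %0a, %0d) from the follow-up question guards against. The names is_header_safe and build_from_header and the sample inputs are this example's own, not from the thread.

```php
<?php
// clean_input_4email as in the thread, but with the i modifier instead of
// strtolower(), so the returned value keeps the case the user typed.
function clean_input_4email($value, $check_all_patterns = true)
{
    // Header names an attacker injects to add recipients or change the MIME type.
    // The i modifier makes each pattern case-insensitive, so "Bcc:", "BCC:" and
    // "bcc:" all match while the rest of $value is left alone.
    // bcc: is listed before cc: so the whole token is removed in one pass.
    $patterns = array(
        '/content-type:/i',
        '/to:/i',
        '/bcc:/i',
        '/cc:/i',
    );
    if ($check_all_patterns) {
        // A line break inside a header value ends that header and starts a new
        // one; that is the injection itself. Both raw CR/LF and their URL-encoded
        // forms are removed. Fields that only go into the message body (nationality,
        // location in the thread) can skip these, since line breaks there are harmless.
        $patterns[] = '/\r/';
        $patterns[] = '/\n/';
        $patterns[] = '/%0a/i';
        $patterns[] = '/%0d/i';
    }
    return preg_replace($patterns, '', $value);
}

// Stricter alternative (this example's own): refuse the submission if a
// header-bound field contains any line break, raw or encoded, instead of
// quietly editing what the user typed.
function is_header_safe($value)
{
    return preg_match('/[\r\n]|%0[ad]/i', $value) === 0;
}

// Builds the extra header line the way a typical contact form hands it to mail().
function build_from_header($name, $email)
{
    return "From: $name <$email>\r\n";
}

// Constructed sample inputs (not from the thread).
$honest = "Mary-Anne O'Brien";
$attack = "Mary\r\nBcc: victim1@example.net, victim2@example.net\r\n";

// Case is preserved: the honest name comes back unchanged.
var_dump(clean_input_4email($honest) === $honest);

// Without cleaning, the injected line becomes a real Bcc: header inside the
// headers string: count the line breaks and look for the new header.
$raw_header = build_from_header($attack, 'mary@example.org');
var_dump(substr_count($raw_header, "\r\n"));
var_dump(stripos($raw_header, "\r\nBcc:") !== false);

// After cleaning, the header name and the line breaks are gone, so the whole
// value stays inside the single From: line.
$safe_header = build_from_header(clean_input_4email($attack), 'mary@example.org');
var_dump(substr_count($safe_header, "\r\n"));
var_dump(clean_input_4email($attack));

// The reject-instead-of-strip check flags the same input without mangling it.
var_dump(is_header_safe($honest));
var_dump(is_header_safe($attack));

// Caveat of the strip approach: it is lossy for innocent text that happens to
// contain a header name; "Toto:" loses its trailing "to:".
var_dump(clean_input_4email('Toto: the dog'));
```

The stripping version is what the thread's script does; is_header_safe shows the alternative a practitioner would usually prefer for header-bound fields (name, email address, subject), because a line break in those fields is never legitimate, and rejecting the request avoids both the lossy edits and the ordering subtleties of overlapping patterns.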