MainStWebGuy Posted March 17, 2009

Hello all,

Newbie here: I'm practicing validating contact forms I've been using on clients' websites and trying to come up with a solid way to prevent them. Focusing on header injections in email fields, I started thinking: Is there a way to search within a string to look for malicious code? I've read about email injection a little bit and see that some people will use "CC:[email protected], [email protected], email3... "

Assuming I was using a form like this:

    <form action="mail.php" method="POST">
    name: <input type="text" name="name" />
    email: <input type="text" name="email" />
    </form>

and my mail.php had something like this:

    <?php $email = htmlspecialchars($_POST['email']); ?>

is there a way that I could search within the $email variable to see if it contained characters like "CC:"?

If I'm heading in the wrong direction and some of you have some other ways you've found that work well with keeping out the spam, I'd sure appreciate a point in the right direction.

Have any of you found some nice tutorials out there that deal with this? I've googled it, but alas, the results are many, and many of them seem to be very easily worked around (from a spammer's point of view).

Thanks in advance!

Jason

samshel Posted March 17, 2009

There are a lot of regular expressions which validate the correct email address format. You can check if the entered email is a valid email address... (CC:[email protected]) will not work with this.

MainStWebGuy Posted March 17, 2009

Thanks Samshel! I'm not too familiar with regular expressions, but I'll start looking into them! Thanks for the tip.

samshel Posted March 17, 2009

You don't need to re-invent the wheel: http://regexlib.com/Search.aspx?k=email
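
One way to do the check discussed in this thread, as an added example that is not code from any of the posters: it goes beyond the literal "CC:" search by also rejecting line breaks, which a new header line depends on, and it uses PHP's built-in `filter_var()` for the format check. The function name `check_email_field()` is hypothetical and the sample submissions are constructed.

```php
<?php
// Added example; check_email_field() and the sample inputs are constructed.

function check_email_field($raw)
{
    if (!is_string($raw)) {
        return array(null, 'not a string');   // e.g. email[]=... arrives as an array
    }
    // A new header line needs a line break, so CR, LF or NUL anywhere in
    // the field is rejected before any other parsing.
    if (preg_match('/[\r\n\0]/', $raw)) {
        return array(null, 'line break in field');
    }
    $value = trim($raw);
    // The literal search asked about in the thread, case-insensitive.
    // Useful for logging; the line-break test above is what stops injection.
    foreach (array('cc:', 'bcc:', 'to:', 'content-type:') as $needle) {
        if (stripos($value, $needle) !== false) {
            return array(null, 'header name in field: ' . $needle);
        }
    }
    // Format check with PHP's built-in validator instead of a hand-written regex.
    if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        return array(null, 'not a valid address');
    }
    return array($value, 'ok');
}

// Constructed sample submissions (example.com and example.net are reserved domains).
$samples = array(
    'jason@example.com',
    "jason@example.com\r\nCC: a@example.net, b@example.net",
    'CC:a@example.net',
    'not an address',
);

foreach ($samples as $raw) {
    list($email, $reason) = check_email_field($raw);
    // htmlspecialchars() is for printing a value in HTML; it leaves \r and \n
    // intact, so it is applied here for display only, not as the header defence.
    $shown = htmlspecialchars(addcslashes($raw, "\r\n"), ENT_QUOTES, 'UTF-8');
    echo ($email === null ? 'REJECT' : 'ACCEPT'), "  $shown  ($reason)\n";
}
```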
Archived
This topic is now archived and is closed to further replies.