matt.sisto Posted March 31, 2009

Hello, I have written 2 mail forms for my client, but I am trying to implement preg_match to prevent malicious attacks. The code is:

message Technical support

```php
<?php
require "dbconn2.php";
$from = $_POST['email'];
$sender = $_POST['name'];
$message = $_POST['body'];
$to = 'matt.sisto@gmail.com';
$headers = "From: $from";
$spamMessage = "No URLs permitted";
if (preg_match("http/i", "$message")) {
    echo $spamMessage;
    exit();
}
else {
    mail($to, $sender, $message, $headers);
    header("Location: technical.php");
    exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Message Consultant</title>
</head>
<body>
</body>
```

message consultant

```php
<?php
require "dbconn2.php";
$from = $_POST['email'];
$sender = $_POST['name'];
$message = $_POST['body'];
$con_id = $_POST['con_id'];
if (preg_match("http/i", "$message")) {
    header("Location: index.php");
    exit();
}
else {
    $sql = "SELECT email_address FROM consultant WHERE con_id = '$con_id'";
    $result = mysql_query($sql);
    $to = mysql_result($result, 0, 0);
    $headers = "From: $from";
    mail($to, $sender, $message, $headers);
    header("Location: message.php");
    exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Message Consultant</title>
</head>
<body>
</body>
</html>
```

Even when I enter a URL into $message it still sends the email. I can't figure it out. Appreciate any help.

Adam Posted March 31, 2009

Try:

```php
preg_match("/http:\/\//i", $message)
```

Adam
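
Why the original check let the mail through, as an added example that is not part of the thread: `preg_match()` reports an error for a pattern without delimiters, and the `if` treats that error like "no match". The function names, the widened pattern (also `https://` and `www.`) and the sample inputs are assumptions made for this example; the second function checks the address that the forms place in the `From:` header.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Pattern from the reply above, widened (an assumption) to https:// and www.
const URL_PATTERN = '~https?://|www\.~i';

// True when the message must be rejected. preg_match() returns 1 (match),
// 0 (no match) or false (error, e.g. a pattern without delimiters).
// Anything other than a clean 0 is a rejection, so a broken pattern
// cannot silently let mail through.
function message_is_blocked(string $message, string $pattern = URL_PATTERN): bool
{
    $result = @preg_match($pattern, $message);
    return $result !== 0;
}

// Returns the address when it is one valid e-mail address without line
// breaks, otherwise null. The forms put this value into the From: header.
function clean_from_address(string $email): ?string
{
    if (strpbrk($email, "\r\n") !== false) {
        return null;
    }
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Constructed sample inputs.
$spam = 'Cheap pills at HTTP://example.test/buy';
$ok   = 'The printer on floor 2 is offline';

// The original pattern: an error value, which if() evaluates as "no match".
var_dump(@preg_match('http/i', $spam));
// Same broken pattern through the wrapper: the error becomes a rejection.
var_dump(message_is_blocked($spam, 'http/i'));
// Delimited pattern: URL is detected, plain text passes.
var_dump(message_is_blocked($spam));
var_dump(message_is_blocked($ok));
// Address checks: a plain address passes, one carrying a line break does not.
var_dump(clean_from_address('user@example.test'));
var_dump(clean_from_address("user@example.test\r\nX-Test: 1"));
```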

Brian W Posted March 31, 2009

This kind of seems to be a repost of http://www.phpfreaks.com/forums/index.php/topic,245664.0.html...

matt.sisto Posted March 31, 2009

Thanks a lot, it works now.