Jump to content


Photo

Trying to use eregi to check string for email injection


  • Please log in to reply
5 replies to this topic

#1 kirka

kirka
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 23 August 2006 - 05:17 PM

When I run this code below, it dies when the character r or n is encountered.  I only want it to die when there is a backslash and r or backslash and n together.  I have tried two backlsashes and that does not work either.

Does anybody know how I can fix this?

Thanks,
Kirka

function checkinjection($checkstring)
  {
if (eregi("\r",$checkstring) || eregi("\n",$checkstring)){
die("Problem Sending Email - MI");
}
}

#2 craygo

craygo
  • Staff Alumni
  • Advanced Member
  • 1,973 posts
  • LocationRhode Island

Posted 23 August 2006 - 05:29 PM

I believe || is equal to or so the script is running correctly. Try replacing || with && instead.

Ray

#3 kirka

kirka
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 23 August 2006 - 07:33 PM

@Ray

I did try this, but it did not work.  The || is the logical Or operator.

I think my problem is with the backslash being stripped off in the search.

Thanks,
Kirka

#4 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 23 August 2006 - 08:21 PM

Enclose your string in single quotes, not double quotes.

Ken

#5 kirka

kirka
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 23 August 2006 - 10:43 PM

@Ken

I tried single quotes.  The function still dies on a single character r or n.

Thanks,
Kirka

#6 kirka

kirka
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 24 August 2006 - 06:14 PM

I found a solution to my problem.  It is using four backslashes before the r and n.

Thanks.
Kirka




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users