Jump to content

Archived

This topic is now archived and is closed to further replies.

kirka

Trying to use eregi to check string for email injection

Recommended Posts

When I run this code below, it dies when the character r or n is encountered.  I only want it to die when there is a backslash and r or backslash and n together.  I have tried two backlsashes and that does not work either.

Does anybody know how I can fix this?

Thanks,
Kirka

function checkinjection($checkstring)
  {
if (eregi("\r",$checkstring) || eregi("\n",$checkstring)){
die("Problem Sending Email - MI");
}
}

Share this post


Link to post
Share on other sites
I believe || is equal to or so the script is running correctly. Try replacing || with && instead.

Ray

Share this post


Link to post
Share on other sites
@Ray

I did try this, but it did not work.  The || is the logical Or operator.

I think my problem is with the backslash being stripped off in the search.

Thanks,
Kirka

Share this post


Link to post
Share on other sites
Enclose your string in single quotes, not double quotes.

Ken

Share this post


Link to post
Share on other sites
@Ken

I tried single quotes.  The function still dies on a single character r or n.

Thanks,
Kirka

Share this post


Link to post
Share on other sites
I found a solution to my problem.  It is using four backslashes before the r and n.

Thanks.
Kirka

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.