webguync Posted January 6, 2010

Does SQL injection only apply to forms that submit to a DB or can it apply to forms that submit to an email address? If it does apply to an email address, please help in cleaning up my code to prevent it.

```php
<?php
if (!$_POST) exit;

// Initialise before use so the checks below never read undefined variables.
$error  = '';
$errors = 0;
$email  = isset($_POST['email']) ? $_POST['email'] : '';

// eregi() was removed in PHP 7; preg_match() with the /i flag replaces it.
// /D makes $ match only at the very end, so a trailing newline is rejected.
// The redundant outer "+" on the domain group is dropped: it matched the
// same strings but caused heavy backtracking under PCRE.
if (!preg_match('/^[a-z0-9]+([_.-][a-z0-9]+)*@[a-z0-9]+([.-][a-z0-9]+)*\.[a-z]{2,}$/iD', $email)) {
    $error .= "Invalid email address entered";
    $errors = 1;
}

if ($errors == 1) echo $error;
else {
    $values = array('name', 'email', 'phone', 'concerning', 'message');
    $required = array('name', 'email', 'message');

    // Recipient and subject are fixed; user input only reaches the message body.
    $your_email = "[email protected]";
    $email_subject = "New Message from SandBox web site!";
    $email_content = "new message:\n";

    foreach ($values as $value) {
        if (in_array($value, $required)) {
            if (empty($_POST[$value])) {
                echo 'PLEASE FILL IN REQUIRED FIELDS';
                exit;
            }
            $email_content .= $value . ': ' . $_POST[$value] . "\n";
        }
    }

    if (mail($your_email, $email_subject, $email_content)) {
        echo 'Your message has been successfully sent!';
    } else {
        echo 'ERROR! please try again or use the email address listed above to contact Sandbox-Band';
    }
}
?>
```

RaythMistwalker Posted January 6, 2010

The fact that it is SQL should answer that. It only affects a database.

webguync Posted January 6, 2010

What I thought, but wanted to double check. Thanks.

This topic is now archived and is closed to further replies.