Miss-Ruth Posted December 7, 2010 Share Posted December 7, 2010 IS it reliable to use eregi() to prevent email injection? if (eregi("(\r|\n)", $first) || eregi("(\r|\n)", $second)){ die("Spammer detected"); }else{ //do this }; Quote Link to comment Share on other sites More sharing options...
trq Posted December 7, 2010 Share Posted December 7, 2010 eregi has long been deprecated. Quote Link to comment Share on other sites More sharing options...
Miss-Ruth Posted December 7, 2010 Author Share Posted December 7, 2010 oh ok. Thanks. Then what's currently used in common/reliable to prevent an email injection? Quote Link to comment Share on other sites More sharing options...
Miss-Ruth Posted December 7, 2010 Author Share Posted December 7, 2010 Why cant someone help me or guide me..... ? Quote Link to comment Share on other sites More sharing options...
trq Posted December 7, 2010 Share Posted December 7, 2010 No need to bump so prematurely, learn some patience. See preg_match. Quote Link to comment Share on other sites More sharing options...
Miss-Ruth Posted December 7, 2010 Author Share Posted December 7, 2010 Ok... Now I've done this. Could someone tell me if this is coded correctly and will this prevent email injecting? <?php if(IsInjected($emailer) || IsInjected($name)) { echo "Hacking Attempt!"; exit; }else{ $to = "me@mydomain.com, myFriend@mydomain.com,".$emailer; $sender = "The Company"; $subject = "The Subject - $name"; $my_msg = "<HTML> //goes the HTML part </HTML>"; mail($to, $subject, "", $headers); } function IsInjected($str) { $injections = array('(\n+)', '(\r+)', '(\t+)', '(%0A+)', '(%0D+)', '(%08+)', '(%09+)' ); $inject = join('|', $injections); $inject = "/$inject/i"; if(preg_match($inject,$str)) { return true; } else { return false; } } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.