eregi()

Miss-Ruth · December 7, 2010

IS it reliable to use eregi() to prevent email injection?

if (eregi("(\r|\n)", $first) || eregi("(\r|\n)", $second)){

die("Spammer detected");

}else{

//do this

};

trq · December 7, 2010

eregi has long been deprecated.

Miss-Ruth · December 7, 2010

oh ok. Thanks.

Then what's currently used in common/reliable to prevent an email injection?

Miss-Ruth · December 7, 2010

Why cant someone help me or guide me..... ?

trq · December 7, 2010

No need to bump so prematurely, learn some patience. See preg_match.

Miss-Ruth · December 7, 2010

Ok... Now I've done this. Could someone tell me if this is coded correctly and will this prevent email injecting?

<?php
if(IsInjected($emailer) || IsInjected($name))
{
    echo "Hacking Attempt!";
    exit;
}else{
$to = "[email protected], [email protected],".$emailer;
$sender = "The Company";
$subject = "The Subject - $name"; 

$my_msg = "<HTML>
//goes the HTML part
</HTML>";
mail($to, $subject, "", $headers);  
}

function IsInjected($str)
{
  $injections = array('(\n+)',
              '(\r+)',
              '(\t+)',
              '(%0A+)',
              '(%0D+)',
              '(%08+)',
              '(%09+)'
              );
  $inject = join('|', $injections);
  $inject = "/$inject/i";
  if(preg_match($inject,$str))
    {
    return true;
  }  else    {
    return false;
  }
}
?>

Sign In

eregi()

Recommended Posts

Miss-Ruth

Link to comment

Share on other sites

trq

Link to comment

Share on other sites

Miss-Ruth

Link to comment

Share on other sites

Miss-Ruth

Link to comment

Share on other sites

trq

Link to comment

Share on other sites

Miss-Ruth

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information