studentofstone Posted January 18, 2011 Share Posted January 18, 2011 I am trying to keep the user input clean with this script but can't figure out what is wrong with it. the error I am getting is Warning: preg_match() expects parameter 1 to be string, $bad_strings = array( "content-type:", "mime-version:", "multipart/mixed", "Content-Transfer-Encoding:", "bcc:", "cc:", "to:", ); if (preg_match($bad_strings, $first_name)) { die; Link to comment https://forums.phpfreaks.com/topic/224882-security-questionscrubbing-user-input/ Share on other sites More sharing options...
Maq Posted January 18, 2011 Share Posted January 18, 2011 preg_match takes (string, string) and you're passing in an array for the first parameter. Not entirely sure what you're trying to do here... If you want to check if $first_name exists in the array of bad words then use in_array. Link to comment https://forums.phpfreaks.com/topic/224882-security-questionscrubbing-user-input/#findComment-1161547 Share on other sites More sharing options...
Pikachu2000 Posted January 18, 2011 Share Posted January 18, 2011 Warning: preg_match() expects parameter 1 to be string $bad_strings = array( Link to comment https://forums.phpfreaks.com/topic/224882-security-questionscrubbing-user-input/#findComment-1161548 Share on other sites More sharing options...
Skylight_lady Posted January 18, 2011 Share Posted January 18, 2011 no comma in: "to:", Link to comment https://forums.phpfreaks.com/topic/224882-security-questionscrubbing-user-input/#findComment-1161550 Share on other sites More sharing options...
Maq Posted January 18, 2011 Share Posted January 18, 2011 no comma in: "to:", I think that's actually fine. Link to comment https://forums.phpfreaks.com/topic/224882-security-questionscrubbing-user-input/#findComment-1161553 Share on other sites More sharing options...
studentofstone Posted January 18, 2011 Author Share Posted January 18, 2011 preg_match takes (string, string) and you're passing in an array for the first parameter. Not entirely sure what you're trying to do here... If you want to check if $first_name exists in the array of bad words then use in_array. I am trying to make sure the user input (which will be emailed after processing) is only being sent to the proper address by explicitly keeping out bcc: cc: etc. I already have a fair amount of validation, but I wanted to be sure people don't steal the data. Is there a better way? Warning: preg_match() expects parameter 1 to be string $bad_strings = array( /slaps forehead/ of course. Link to comment https://forums.phpfreaks.com/topic/224882-security-questionscrubbing-user-input/#findComment-1161560 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.