studentofstone Posted January 18, 2011 Share Posted January 18, 2011 I am trying to keep the user input clean with this script but can't figure out what is wrong with it. the error I am getting is Warning: preg_match() expects parameter 1 to be string, $bad_strings = array( "content-type:", "mime-version:", "multipart/mixed", "Content-Transfer-Encoding:", "bcc:", "cc:", "to:", ); if (preg_match($bad_strings, $first_name)) { die; Quote Link to comment https://forums.phpfreaks.com/topic/224882-security-questionscrubbing-user-input/ Share on other sites More sharing options...
Maq Posted January 18, 2011 Share Posted January 18, 2011 preg_match takes (string, string) and you're passing in an array for the first parameter. Not entirely sure what you're trying to do here... If you want to check if $first_name exists in the array of bad words then use in_array. Quote Link to comment https://forums.phpfreaks.com/topic/224882-security-questionscrubbing-user-input/#findComment-1161547 Share on other sites More sharing options...
Pikachu2000 Posted January 18, 2011 Share Posted January 18, 2011 Warning: preg_match() expects parameter 1 to be string $bad_strings = array( Quote Link to comment https://forums.phpfreaks.com/topic/224882-security-questionscrubbing-user-input/#findComment-1161548 Share on other sites More sharing options...
Skylight_lady Posted January 18, 2011 Share Posted January 18, 2011 no comma in: "to:", Quote Link to comment https://forums.phpfreaks.com/topic/224882-security-questionscrubbing-user-input/#findComment-1161550 Share on other sites More sharing options...
Maq Posted January 18, 2011 Share Posted January 18, 2011 no comma in: "to:", I think that's actually fine. Quote Link to comment https://forums.phpfreaks.com/topic/224882-security-questionscrubbing-user-input/#findComment-1161553 Share on other sites More sharing options...
studentofstone Posted January 18, 2011 Author Share Posted January 18, 2011 preg_match takes (string, string) and you're passing in an array for the first parameter. Not entirely sure what you're trying to do here... If you want to check if $first_name exists in the array of bad words then use in_array. I am trying to make sure the user input (which will be emailed after processing) is only being sent to the proper address by explicitly keeping out bcc: cc: etc. I already have a fair amount of validation, but I wanted to be sure people don't steal the data. Is there a better way? Warning: preg_match() expects parameter 1 to be string $bad_strings = array( /slaps forehead/ of course. Quote Link to comment https://forums.phpfreaks.com/topic/224882-security-questionscrubbing-user-input/#findComment-1161560 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.