studentofstone Posted February 25, 2011 Share Posted February 25, 2011 I'm using the following to clean up input from my contact form, but I got header injection attacked anyway. What am I doing wrong? $trail_section_mile = strip_tags(stripslashes($trail_section_mile)) //this is repeated for several other fields, then: $email_message .= "Trail Section Mile Markers: ".clean_string($trail_section_mile)."\n"; //this is repeated for several other fields, then: /* see isInjected function below */ function clean_string($string) { $bad = array("content-type","bcc:","to:","cc:","href","/n",""); return str_replace($bad,"",$string); } // send the mail Link to comment https://forums.phpfreaks.com/topic/228847-email-form-security/ Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.