need help! why no worky?

[Lambneck]

Hi, can anyone figure out whats wrong with this email form processing script? I'm new at this and I patched this together from multiple tutorials but I'm not sure if its written properly especially with calling on the function. Any help is appreciated. Thanks!

 

<?php

// Mail header removal
function isInjected($str) {
$injections = array(
'(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str)) {
	return true;
}
else {
	return false;
}
}

// Build the email 
$to = 'info@site.com';
$subject = "Secure contact form message from: $subject";
$message = "$name said: $message";
$headers = "From: $email";

// field validation
if ($subject=="" || $message=="" || $name=="")
{
print ("All form fields are required. Please go back and try again.");
}

else 
{
// email validation
if(!eregi('^([._a-z0-9-]+[._a-z0-9-]*)@(([a-z0-9-]+\.)*([a-z0-9-]+)(\.[a-z]{2,3})?)$', $email)) 
{
print ("Your email address does not appear to be valid. Please go back and try again.");
exit;
}

// Send the mail using PHPs mail() function
mail(isInjected($to), isInjected($subject), isInjected($message), isInjected($headers));

// Redirect
header('Location: ../submitted.php');
}
?>

 

[blacknight]

what the error you get? whats happaning?

[kenrbnsn]

This line

<?php
mail(isInjected($to), isInjected($subject), isInjected($message), isInjected($headers));
?>

is not going to work, since the function isInjected() returns only a "true" or "false" value and the mail() function is expecting strings as parameters.

 

Do the calls before calling mail() and only do the mail() function if all the returned values are "true".

 

Ken

[Lambneck]

aaah! Thank you kenrbnsn.