Hi, can anyone figure out whats wrong with this email form processing script? I’m new at this and I patched this together from multiple tutorials but I’m not sure if its written properly especially with calling on the function. Any help is appreciated. Thanks!
[php]
<?php
// Mail header removal
function isInjected($str) {
$injections = array(
'(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str)) {
return true;
}
else {
return false;
}
}
// Build the email
$to = '
[email protected]';
$subject = "Secure contact form message from: $subject";
$message = "$name said: $message";
$headers = "From: $email";
// field validation
if ($subject=="" || $message=="" || $name=="")
{
print ("All form fields are required. Please go back and try again.");
}
else
{
// email validation
if(!eregi('^([._a-z0-9-]+[._a-z0-9-]*)@(([a-z0-9-]+\.)*([a-z0-9-]+)(\.[a-z]{2,3})?)$', $email))
{
print ("Your email address does not appear to be valid. Please go back and try again.");
exit;
}
// Send the mail using PHPs mail() function
mail(isInjected($to), isInjected($subject), isInjected($message), isInjected($headers));
// Redirect
header('Location: ../submitted.php');
}
?>
[/php]
