Newline PHP in an email form

software development

#1

Hi all,
I’m trying to build a more secure email form. I’m using this code to try and prevent hackers from entering newlines. The bad part is, if the user hits the enter key (which is a pretty normal action), it’s treating the email as malicious and not sending it.

Is there a fairly easy way to strip out the newlines without tanking the script but still keeping my email secure?

function contains_newlines($str_to_test) {
$matched_string = preg_match("/(||\n+|\r+)/i", $str_to_test);

if($matched_string != 0) {
return $err = “<font color=“red”>newline found in $str_to_test. Suspected injection attempt - mail not being sent.
”;
}

================================
Angela Gann
CrimsonDryad Web Design Services
Web Design, Custom Software Development
http://www.crimsondryad.com


#2

i’m not sure. but you can try to use preg_replace

preg_replace("/(\n+|\t+)/i", “”, $str_to_test);

Save [color=#CC0000]$97[/color] (max discount) on dreamhost by using promo code: [color=#CC0000]97CRAZY[/color].


#3

It’s not that simple.

An e-mail message is made from two parts: the message headers and the message body.

Anything that becomes part of a message header needs to be checked for newlines. But don’t stop at just checking for newlines, they are not the only problem to lookout for in message headers.

:cool: [color=#6600CC]Atropos[/color] | openvein.org