I have no formal training in web design, but I'm sometimes asked to make minor changes to the website for the local cableco I work for...and I can usually figure out just enough to get it done.
I need to modify the "Contact Us" page on our site to have a PHP submission form instead of expecting users to have an email client configured on their computer.
I read a bit about the PHP mail() function and made a prototype in no time. However, this site says I need to use some built-in PHP functions to clean up the email address field, or someone can inject a full email header (specifying CC / BCC fields to send spam).
I don't know how you're supposed to debug or step through lines of PHP code, so it was very difficult to figure out that the filter_var() function simply doesn't work. If I understand correctly, it's supposed to be a native PHP function, just like mail().
Here's how I demonstrate that it doesn't work:
Code:
echo "<br>Before sanitize:<br>";
echo $email;
//Validate email field
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
echo "<br>After sanitize:<br>";
echo $email;
The first two "echo" lines print out on the page. The last two do not, because the page simply stops rendering after the filter_var() function fails. When I view-source in IE8, I can see that no more HTML was transmitted to the browser after the first two echo commands.
Then I tried the example from the URL I linked earlier. It basically fails the same way (function doesn't work and page doesn't render).
Can anyone tell me why this doesn't work?
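
An added example, not part of the original post: a header-safe check for the email field that keeps working when filter_var() is missing. It assumes the failure comes from a PHP build without the filter extension (filter_var() exists from PHP 5.2.0 onward); the function name clean_email_for_header and the sample inputs are constructed for illustration.

```php
<?php
// Added example; the function name and sample inputs are constructed.

// Show fatal errors (e.g. "Call to undefined function") instead of a
// silently truncated page. Debugging only: turn display_errors off in production.
error_reporting(E_ALL);
ini_set('display_errors', '1');

/**
 * Return an address that is safe to place in a mail header,
 * or null if the input is rejected.
 */
function clean_email_for_header($raw)
{
    $raw = trim((string) $raw);

    // Header injection needs a line break (raw or URL-encoded)
    // to start a new header such as Cc: or Bcc:. Reject outright.
    if (preg_match('/[\r\n]|%0a|%0d/i', $raw)) {
        return null;
    }

    if (function_exists('filter_var')) {
        // Filter extension is available (PHP >= 5.2.0).
        $ok = filter_var($raw, FILTER_VALIDATE_EMAIL);
        return $ok === false ? null : $ok;
    }

    // Fallback for builds without the filter extension: a conservative
    // pattern (assumption: deliberately stricter than RFC 5322).
    $pattern = '/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/';
    return preg_match($pattern, $raw) ? $raw : null;
}

// Constructed sample inputs: one valid address, two injection attempts,
// and one malformed value.
$samples = array(
    'user@example.com',
    "user@example.com\r\nBcc: list@example.net",
    'user@example.com%0ACc:list@example.net',
    'not-an-address',
);

foreach ($samples as $s) {
    $clean = clean_email_for_header($s);
    echo var_export($s, true), ' => ', ($clean === null ? 'REJECTED' : $clean), "\n";
}
```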
