Hey all,

I'm a designer, not a developer, but I'm trying to learn. Anyway, I'm
trying to get a contact form working, but apparently I have some empty
expressions here. Of course, I don't know what the heck to put in them.
Here's the lines in question. Any ideas other than "stick with design" and
some choice explitives?

$_POST['email'] = preg_replace("\r", "", $_POST['email']);
$_POST['email'] = preg_replace("\n", "", $_POST['email']);

Uncleclinto

uncleclinto wrote:
> Hey all,
>
> I'm a designer, not a developer, but I'm trying to learn. Anyway, I'm
> trying to get a contact form working, but apparently I have some empty
> expressions here. Of course, I don't know what the heck to put in them.
> Here's the lines in question. Any ideas other than "stick with design" and
> some choice explitives?
>
> $_POST['email'] = preg_replace("\r", "", $_POST['email']);
> $_POST['email'] = preg_replace("\n", "", $_POST['email']);

http://www.php.net/manual/en/function.preg-replace.php

Those two lines can be replaced with

$_POST['email'] = ereg_replace("[\r\n]", "", $_POST['email']);


What they do is remove new-line (\n) carriage return (\r), a text input don't
insert any new lines nor carriage returns. With e-mail forms you usually have
trouble with the from-address, as it's really a mail header and you can inject
new rules for the mail, as extra cc: bcc:, which spammers usually try to take
advantage of.

I wouldn't store a new value in $_POST, but put it in a new variable:

$email = ereg_replace("[\r\n]", "", $_POST['email']);
if($email == $_POST['email']) {
mail(...);
} else {
//if $email isn't the same as $_POST['email'] then we did
//remove header injections and the feedback post is a
//spam, no point in sending it.
}


--

//Aho

"uncleclinto" <walterswebdesign [at] comcast.net> wrote in message
news:0ZudnX9SipOVxajbnZ2dnUVZ_vKunZ2d [at] suscom.com...
> Hey all,
>
> I'm a designer, not a developer, but I'm trying to learn. Anyway, I'm
> trying to get a contact form working, but apparently I have some empty
> expressions here. Of course, I don't know what the heck to put in them.
> Here's the lines in question. Any ideas other than "stick with design"
and
> some choice explitives?
>
> $_POST['email'] = preg_replace("\r", "", $_POST['email']);
> $_POST['email'] = preg_replace("\n", "", $_POST['email']);
>
> Uncleclinto
>
>
$_POST['email'] = preg_replace("/\r/", "", $_POST['email']);
HTH
Vince

"J.O. Aho" <user [at] example.net> wrote in message
news:59l9umF2la5s0U1 [at] mid.individual.net...
> $_POST['email'] = ereg_replace("[\r\n]", "", $_POST['email']);
I'm not certain, but if I remember correctly with smtp, if it were created
on win OS it would likey have \r\n as the section deliminator, whereas on
unix based systems it would be \n.
Is that correct?
If so would the following be correct?
$var = preg_replace("/[\r|r\n]/", "", "email\n and this\n\r or\n");
TIA
Vince

"Vince Morgan" <vinhar [at] REMOVEoptusnet.com.au> wrote in message
news:4635758e$0$13365$afc38c87 [at] news.optusnet.com.au...
Oops
testing artifact-> "or\n"

"Vince Morgan" <vinhar [at] REMOVEoptusnet.com.au> wrote in message
news:4635758e$0$13365$afc38c87 [at] news.optusnet.com.au...
> "J.O. Aho" <user [at] example.net> wrote in message
> news:59l9umF2la5s0U1 [at] mid.individual.net...
> > $_POST['email'] = ereg_replace("[\r\n]", "", $_POST['email']);
> I'm not certain, but if I remember correctly with smtp, if it were created
> on win OS it would likey have \r\n as the section deliminator, whereas on
> unix based systems it would be \n.
> Is that correct?
> If so would the following be correct?
> $var = preg_replace("/[\r|r\n]/", "", "email\n and this\n\r or\n");
> TIA
> Vince
>
>
No it wouldn't, "/[\r|r\n]/" should be "/[\r|\n]/" .

On Apr 29, 10:42 pm, "uncleclinto" <walterswebdes... [at] comcast.net>
wrote:
> Hey all,
>
> I'm a designer, not a developer, but I'm trying to learn. Anyway, I'm
> trying to get a contact form working, but apparently I have some empty
> expressions here. Of course, I don't know what the heck to put in them.
> Here's the lines in question. Any ideas other than "stick with design" and
> some choice explitives?
>
> $_POST['email'] = preg_replace("\r", "", $_POST['email']);
> $_POST['email'] = preg_replace("\n", "", $_POST['email']);
>
> Uncleclinto

Why does everyone use a regular expression for simple find/replace
operations like this? Much easier, and probably a bit faster:

str_replace(array("\n", "\r"), '', $_POST['email']);

Vince Morgan wrote:
> "J.O. Aho" <user [at] example.net> wrote in message
> news:59l9umF2la5s0U1 [at] mid.individual.net...
>> $_POST['email'] = ereg_replace("[\r\n]", "", $_POST['email']);
> I'm not certain, but if I remember correctly with smtp, if it were created
> on win OS it would likey have \r\n as the section deliminator, whereas on
> unix based systems it would be \n.
> Is that correct?

It had been correct if we had talked about standard text-files (dos vs Unix),
but we are talking about mail headers and the rfc don't allow differences
(it's another matter if the mail server does follow the rfc or not).


> If so would the following be correct?
> $var = preg_replace("/[\r|r\n]/", "", "email\n and this\n\r or\n");

ereg_replace("[\r\n]", "", $_POST['email']

already replaces all \r with nothing and all \n with nothing.

--

//Aho

"J.O. Aho" <user [at] example.net> wrote in message
news:59mb7dF2k7066U1 [at] mid.individual.net...
> Vince Morgan wrote:
> > "J.O. Aho" <user [at] example.net> wrote in message
> > news:59l9umF2la5s0U1 [at] mid.individual.net...
> >> $_POST['email'] = ereg_replace("[\r\n]", "", $_POST['email']);
> > I'm not certain, but if I remember correctly with smtp, if it were
created
> > on win OS it would likey have \r\n as the section deliminator, whereas
on
> > unix based systems it would be \n.
> > Is that correct?
>
> It had been correct if we had talked about standard text-files (dos vs
Unix),
> but we are talking about mail headers and the rfc don't allow differences
> (it's another matter if the mail server does follow the rfc or not).
>
Thank you.
>
> > If so would the following be correct?
> > $var = preg_replace("/[\r|r\n]/", "", "email\n and this\n\r or\n");
>
> ereg_replace("[\r\n]", "", $_POST['email']
>
> already replaces all \r with nothing and all \n with nothing.
>
Yes, of course it does.