A client has asked us to not allow certain characters to be parsed through the email form we have.
Can someone please help, as this is beyond me.
For example, the form allows someone to enter the following (this is what they do not want):
Name: <<>>""& &"
Company_Name: <<>>""& &"
Telephone: <<>>""& &"
Email: <<>>""& &"
Web_Site_Comments: <<>>""& &"
As you can see, the characters <, > etc. are being allowed via the form.
They are basically telling me that we need to NOT allow this.
Here is the code for my email form:
[code]
<?php
//# Include the connections script to make a database connection.
include("inc/connect.inc");
$parts = parse_url(strip_tags(rawurldecode('http://' .
    $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'])));
// clean out any malicious data in the parsed URL parts
foreach ($parts as $k => $v) {
    $v = strip_tags(rawurldecode($v));
    // get_magic_quotes_gpc() was removed in newer PHP versions; only call it
    // when it exists, otherwise fall back to addslashes()
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1) {
        $parts[$k] = $v;
    } else {
        $parts[$k] = addslashes($v);
    }
}
//# The form should post to itself.
if (!empty($_POST['submit'])) {
    require('inc/removexss.php');
    $_POST = array_map('removeXSS', $_POST);
    $valid = 1;
    //# The fields all follow this pattern.
    //# If you do not require an error check for a field then just use the
    //# post field method and not the error check method
    $producta = $_POST['producta'];
    $Name = $_POST['Name'];
    if (empty($Name)) {
        $valid = 0;
        $Name_error = 'Please Enter your Name';
    }
    $Company_Name = $_POST['Company_Name'];
    if (empty($Company_Name)) {
        $valid = 0;
        $Company_Name_error = 'Please Enter your Company Name';
    }
    $Telephone = $_POST['Telephone'];
    if (empty($Telephone)) {
        $valid = 0;
        $Telephone_error = 'Please Enter your Telephone Number';
    }
    $Email = $_POST['Email'];
    $Web_Site_Comments = $_POST['Web_Site_Comments'];
    // End of error checking.
    if ($valid == 1) {
        // In testing, if you get a Bad referer error
        // comment out or remove the next three lines
        if (strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST']) > 7 ||
            !strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST']))
            die("Bad referer");
        // build the plain-text mail body from every posted field
        $msg = "Enquiry Form.:\n\n";
        foreach ($_POST as $key => $val) {
            if (is_array($val)) {
                $msg .= "Item: $key\n";
                foreach ($val as $v) {
                    $v = stripslashes($v);
                    $msg .= "$v\n";
                }
            } else {
                $val = stripslashes($val);
                $msg .= "$key: $val\n";
            }
        }
        $recipient = "*****";
        $subject = "Enquiry Form";
        error_reporting(0);
        if (mail($recipient, $subject, $msg)) {
            // redirect before any output, otherwise the Location header is ignored
            header("Location: thanks.php");
        } else {
            echo "An error occurred and the message could not be sent.";
        }
        exit;
    }
}
?>
[/code]
Please, is there a way to STOP these characters going via email?
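One way to do what the client asks is to validate the posted fields on the server and reject any submission that contains the unwanted characters, instead of trying to clean them up after the fact. The example below is added here and is not the poster's code or the original form handler; it assumes the field names from the form above (Name, Company_Name, Telephone, Email, Web_Site_Comments), and the set of rejected characters, the function names and the sample input are my own choices. The line-break check on single-line fields is a standard precaution for anything that ends up in a mail message.

```php
<?php
// Added example: server-side rejection of the characters the client does not
// want in the enquiry form. Not the poster's code; field names are assumed to
// match the form above, everything else is this example's own.

// Characters the client asked to block: < > " and &. Adjust as required.
const REJECTED_PATTERN = '/[<>"&]/u';

// Fields that must be present and non-empty (mirrors the existing checks).
const REQUIRED_FIELDS = ['Name', 'Company_Name', 'Telephone'];

/**
 * Validate the posted enquiry fields.
 * Returns an array of field => error message; an empty array means valid.
 */
function validate_enquiry(array $post): array
{
    $errors = [];

    foreach ($post as $field => $value) {
        if (!is_string($value)) {
            $errors[$field] = 'Unexpected value';
            continue;
        }
        // Reject rather than silently strip, so the user sees why the
        // submission failed and nothing unexpected reaches the mail body.
        if (preg_match(REJECTED_PATTERN, $value)) {
            $errors[$field] = 'The characters < > " and & are not allowed';
        }
        // Line breaks only make sense in the comments field; in a single-line
        // field they are a sign of a malformed or tampered submission.
        if ($field !== 'Web_Site_Comments' && preg_match('/[\r\n]/', $value)) {
            $errors[$field] = 'Line breaks are not allowed in this field';
        }
    }

    foreach (REQUIRED_FIELDS as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])
            || trim($post[$field]) === '') {
            $errors[$field] = 'This field is required';
        }
    }

    // Email is optional in the original form, but if given it must be well formed.
    if (!empty($post['Email'])
        && filter_var($post['Email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['Email'] = 'Please enter a valid email address';
    }

    return $errors;
}

/**
 * Build the plain-text mail body from fields that already passed validation.
 */
function build_body(array $post): string
{
    $body = "Enquiry Form:\n\n";
    foreach ($post as $key => $val) {
        $body .= $key . ': ' . $val . "\n";
    }
    return $body;
}

// Constructed sample submission containing the unwanted characters.
$sample = [
    'Name'              => '<<>>""& &"',
    'Company_Name'      => 'Example Ltd',
    'Telephone'         => '01234 567890',
    'Email'             => 'someone@example.com',
    'Web_Site_Comments' => "Two lines\nof comments",
];
print_r(validate_enquiry($sample));

// How this slots into the form handler: only send when there are no errors.
if (!empty($_POST['submit'])) {
    $errors = validate_enquiry($_POST);
    if ($errors === []) {
        if (mail('*****', 'Enquiry Form', build_body($_POST))) {
            header('Location: thanks.php');
        } else {
            echo 'An error occurred and the message could not be sent.';
        }
        exit;
    }
    // Otherwise redisplay the form and show $errors next to the fields.
}
```

The validation runs before anything is written into the mail body, so the form either sends a message made only of characters the client accepts, or it sends nothing and reports which field was rejected. If the client would rather have the characters removed than the submission refused, `preg_replace(REJECTED_PATTERN, '', $value)` on each string field does that, but rejecting is the safer default because it never changes what the user meant to say without telling them.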