i'm using the following php function (which i think i was given on these forums a while ago) to try and filter an e-mail form's content to prevent unwanted code (and spamming etc)



function checkOK($field)
{
if (eregi("\r",$field) || eregi("\n",$field)){
die("An error occured sending your message from this page. Please try again later.");
}
}

but this code is so strict in what it does, it will not allow any messages to be sent via e-mail if the visitor to my site has pressed the return key in the middle of their message. how can i allow the user to use the return key but still prevent unwanted code being used?

thanks for you help
karl

That's exactly what the code is supposed to do. I have a complete CAPTCHA-enabled form mailer available for download at http://www.myphpscripts.net/?sid=5. It can validate form fields, log form submissions, and supports multiple file attachments. To date I have never received any reports of spam or security vulnerabilities with my script.

your site seems to be down at the moment, i'll try again later.

in the meantime, does anyone else have any other alternatives?

thanks

You could just remove the line that says "die" to allow carriage returns and line feeds.

but if i remove the 'die' line, that will make the function useless as it won't actually do anything. what i need is something that will allow messages withoug code in them to be sent, but block messages with code in them.

Please can somebody help me out, i just need a function that will filter out unwanted code in text fields, but not prevent people using the return key.

Please can somebody help me out, i just need a function that will filter out unwanted code in text fields, but not prevent people using the return key.

PHP has a predefined function to do this. Try:


strip_tags();

PHP has a predefined function to do this. Try:

PHP Code:
strip_tags();

seems to have worked, thank you