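// Pattern for a syntactically plausible e-mail address. It is not used in the
// visible part of this snippet. The {2,4} quantifier restricts the top-level
// domain to 2-4 letters, so addresses under longer TLDs do not match.
$email_exp = '/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$/';

// Allowed characters for free-text fields such as the name. The hyphen is
// placed last so that it is a literal: written as "'-ä" it formed a range
// starting at the apostrophe, which admitted digits and much ASCII
// punctuation. There is no /u modifier, so the umlauts are matched bytewise.
$string_exp = "/^[A-Za-z .'äüöÄÜÖ-]+\$/";

/**
 * Reports whether a value contains a carriage return or a line feed.
 *
 * @param string $str Value to inspect.
 * @return int|false 1 if a CR or LF is present, 0 if not, false if preg_match() fails.
 */
function has_header_injection($str)
{
    return preg_match("/[\r\n]/", $str);
}

if (empty($_POST)) {
    exit(1);
    // $error.= 'Expected POST Request<br>';
} else {
    // 'title' is used below as a honeypot: any content counts as a bot submission.
    // Missing fields default to '' so that an absent key does not raise a warning.
    $spam = $_POST['title'] ?? '';
    $name = htmlspecialchars(trim($_POST['name'] ?? ''));
    $subject = htmlspecialchars(trim($_POST['subject'] ?? ''));
    $email_from = htmlspecialchars(trim($_POST['email'] ?? ''));
    $message = htmlspecialchars($_POST['message'] ?? '');

    // A CR/LF in a single-line field and a filled honeypot are each rejected on
    // their own. Previously the CR/LF check only had an effect when the honeypot
    // was filled as well, and the honeypot test measured strlen() of the
    // comparison result ($spam > 0) instead of comparing the length.
    if (
        has_header_injection($name)
        || has_header_injection($subject)
        || has_header_injection($email_from)
        || strlen($spam) > 0
    ) {
        $error .= 'Sorry, but it appears a Spam Boot is trying to submit this form. <br>';
    }

    // NOTE(review): the pattern is applied to the htmlspecialchars() output, so
    // whether a name containing an apostrophe passes depends on the escaping
    // flags in effect; consider validating the raw value and escaping afterwards.
    if (empty($name)) {
        $error .= 'Please enter your Name. <br>';
    } elseif (!preg_match($string_exp, $name)) {
        $error .= 'You entered unknown characters as your Name. Use A-Z, dots or slashes only. <br>';
    }

    if (empty($subject)) {
        // $error.= 'Please enter a Subject. <br>';
    } else {
        // NOTE(review): this branch handles the subject but tests $name; it
        // presumably should test $subject. Left unchanged because the snippet
        // is cut off here and the body of the check is not visible.
        if (!preg_match($string_exp, $name)) {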
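<div class="col-md-6"> <?php
/**
 * Reports whether a value contains a carriage return or a line feed.
 *
 * @param string $str Value to inspect.
 * @return int|false 1 if a CR or LF is present, 0 if not, false if preg_match() fails.
 */
function has_header_injection($str)
{
    return preg_match("/[\r\n]/", $str);
}

// Run only when the contact form was submitted.
if (isset($_POST['contact_submit'])) {
    // Trim surrounding whitespace; missing fields default to '' so that an
    // absent key does not raise a warning.
    $name = trim($_POST['name'] ?? '');
    $email = trim($_POST['email'] ?? '');
    $msg = $_POST['message'] ?? '';

    // Reject CR/LF in the single-line fields. $name is interpolated into
    // $subject below. The original call was
    // has_header_injection($name || has_header_injection($email)), which
    // passed a boolean to the outer call, so neither value was ever rejected.
    if (has_header_injection($name) || has_header_injection($email)) {
        die;
    }

    // All three fields are required.
    if (!$name || !$email || !$msg) {
        echo "<h4 class='alert alert-danger'>All fields required</h4><a href='#contact' class='btn btn-default'>Try again</a>";
        exit;
    }

    // Recipient and subject line.
    $to = "*****@*****.**";
    $subject = "{$name} sent you a message via the contact form";

    // Plain-text message body.
    $message = "Name: {$name}\r\n";
    $message .= "Email: {$email}\r\n";
    $message .= "Message: \r\n";
    $message .= "{$msg}";
    // (the snippet is cut off here; the enclosing if-block continues)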
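<?php
/**
 * Reports whether a value contains a carriage return or a line feed.
 *
 * @param string $str Value to inspect.
 * @return int|false 1 if a CR or LF is present, 0 if not, false if preg_match() fails.
 */
function has_header_injection($str)
{
    return preg_match("/[\r\n]/", $str);
}

if (isset($_POST['contact_submit'])) {
    // Missing fields default to '' so that an absent key does not raise a warning.
    $name = trim($_POST['name'] ?? '');
    // The company value was previously assigned to $name, which overwrote the
    // name and left $company undefined for the checks and the body below.
    $company = trim($_POST['company'] ?? '');
    $email = trim($_POST['email'] ?? '');
    $message = trim($_POST['message'] ?? '');

    // Reject CR/LF in the submitted values. $name is interpolated into $subject below.
    // NOTE(review): $message is only placed in the body in the visible code, yet
    // any line break inside it ends the request here; confirm that is intended.
    if (
        has_header_injection($name)
        || has_header_injection($company)
        || has_header_injection($email)
        || has_header_injection($message)
    ) {
        die;
    }

    // Basic validation: every field is required. The original tested the bare
    // word `company` (a constant lookup) instead of the variable $company.
    // NOTE(review): the script keeps running after this alert and goes on to
    // build the e-mail; confirm the part not shown here stops before sending.
    if (!$name || !$company || !$email || !$message) {
        echo '<script>alert("All fields are required.")</script>';
    }

    // Recipient and subject line.
    $to = "*****@*****.**";
    $subject = "{$name} wants to be on the email list for Gig!";

    // Plain-text body, wrapped at 72 columns.
    $email_body = "Name: {$name}\r\n";
    $email_body .= "Company: {$company}\r\n";
    $email_body .= "Email: {$email}\r\n";
    $email_body .= "Message: {$message}\r\n";
    $email_body = wordwrap($email_body, 72);

    //set mail headers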