This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
How can I convert ereg expressions to preg in PHP?
Escape string to use in mail()
I am trying send my form, but I get this error...
Deprecated: Function eregi() is deprecated
I tried replacing it with preg_match(), but no luck. Here is my code:
$all_valid = $name_valid = $email_valid = $comments_valid = true;
if (isset($_POST['submit'])) {
if ($_POST['name'] == '') {
$all_valid = $name_valid = false;
}
if ($_POST['comments'] == '') {
$all_valid = $comments_valid = false;
}
if (!$validator->check_email_address($_POST['email'])) {
$all_valid = $email_valid = false;
}
if ($all_valid) {
// #### NO PROBLEMS FOUND - PROCESS THE FORM DATA HERE
$mail_to = 'cat30#hotmail.com'; // recipient address
$subject = "Email from website"; // email message subject line
$name = mysql_real_escape_string(trim($_POST['name'])); // sanitize the name
if (eregi("\r",$name) || eregi("\n",$name)){ // avoid email header injection
die();
}
$mail_from = mysql_real_escape_string(trim($_POST['email'])); // sanitize their email address
if (eregi("\r",$mail_from) || eregi("\n",$mail_from)){ // avoid email header injection
die();
}
$comments = htmlspecialchars(trim($_POST['comments'])); // convert HTML characters into entities
$headers = 'From: '. $mail_from. "\r\n";
mail($mail_to, $subject, $comments, $headers);
$response = '<h2>Thanks for contacting us, will get back to you soon</h2>';
}
}
It returns a slightly different value than eregi but if I'm reading your code correctly you should be able to use the strpos() function to determine if a substring exists in a string. Eregi ignores case so you might have to combine this with a strtolower($string) call too.
Something like this:
if (strpos("\r",strtolower($name)) || strpos("\n",strtolower($name)))
Related
This question already has answers here:
How can I convert ereg expressions to preg in PHP?
(4 answers)
Closed 9 years ago.
Hi ı know that we do not eregi but preg_match but when ı change only eregi code it doesnt work, how can ı change the code below please just a little help, ı am a newbie
function verify_valid_email($emailtocheck)
{
$eregicheck = "^([-!#\$%&'*+./0-9=?A-Z^_`a-z{|}~])+#([-!#\$%&'*+/0-9=?A-Z^_`a-z{|}~]+\\.)+[a-zA-Z]{2,4}\$";
return eregi($eregicheck, $emailtocheck);
}
function verify_email_unique($emailtocheck)
{
global $config,$conn;
$query = "select count(*) as total from members where email='".mysql_real_escape_string($emailtocheck)."' limit 1";
$executequery = $conn->execute($query);
$totalemails = $executequery->fields[total];
if ($totalemails >= 1)
{
return false;
}
else
{
return true;
}
}
If you need to validate e-mail addresses, you can look at this page which provides a working example using only filter_var() :
if (filter_var($email_a, FILTER_VALIDATE_EMAIL)) {
echo "This ($email_a) email address is considered valid.";
};
So in your code, you should just drop all the regex/eregi stuff and use this instead :
return filter_var($emailtocheck, FILTER_VALIDATE_EMAIL);
If you want to do it this way, you can base yourself on the following methods:
<?php
$email = \"abc123#somewhere\"; // Invalid email address
//$email = \"somebody#somesite.com\"; // Valid email address
// Set up regular expression strings to evaluate the value of email variable against
$regex = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/';
// Run the preg_match() function on regex against the email address
if (preg_match($regex, $email)) {
echo $email . \" is a valid email. We can accept it.\";
} else {
echo $email . \" is an invalid email. Please try again.\";
}
?>
or:
$string = "$emailtocheck";
if (preg_match(
'/^[^\W][a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)*\#[a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)*\.[a-zA-Z]{2,4}$/',
$string)) {
echo "Successful.";
}
or:
<?php
$email = "abc123#sdsd.com";
$regex = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/';
if (preg_match($regex, $email)) {
echo $email . " is a valid email. We can accept it.";
} else {
echo $email . " is an invalid email. Please try again.";
}
?>
Source: https://stackoverflow.com/a/13719991/1415724
or:
<?php
// check e-mail address
// display success or failure message
if (!preg_match("/^([a-zA-Z0-9])+([\.a-zA-Z0-9_-])*#([a-zA-Z0-9_-
])+(\.[a-zA-Z0-9_-]+)*\.([a-zA-Z]{2,6})$/", $_POST['e-mail'])) {
die("Invalid e-mail address");
}
echo "Valid e-mail address, processing...";
?>
Source: http://www.techrepublic.com/article/regular-expression-engine-simplifies-e-mail-validation-in-php/
Plus, you can try what André Daniel wrote as an answer as well. You have many choices.
This question already has answers here:
How can I convert ereg expressions to preg in PHP?
(4 answers)
Closed 8 years ago.
When i place "&email&" in the message body in phpmailer the output message changes "&email&" to the e-mail address in the $to array. but it only uses the first email and it does see the rest. how do i make it get the rest emails and place it accordingly to the emails messages ?
$nq=0;
for($x=0; $x<$numemails; $x++)
{
$to = $allemails[$x];
if ($to)
{
$to = ereg_replace(" ", "", $to);
$message = ereg_replace("&email&", $to, $message);
$subject = ereg_replace("&email&", $to, $subject);
$qx=$x+1;
print "Line $qx . Sending mail to $to.......";
flush();
}
}
===
i can not post below is the image link :
http://filevault.org.uk/testee/mailer_image.png
Hope you'll understand now.
You shouldn't be using ereg_* anymore as it is deprecated - preg_replace is it's successor, though it looks like you only need str_replace anyway:
$message = str_replace("&email&",$to,$message);
If for some reason you really have to use ereg:
You may need the global flag g
ereg_replace("&email&g",
Different replacement every time
$to = array('email1#me.com','em2#me.com');
$text = 'asdkfjalsdkf &email& and then &email&';
$email_replacements = $to;
function replace_emails()
{
global $email_replacements;
return array_shift($email_replacements); //removes the first element of the array of emails, and then returns it as the replacement
}
var_dump(preg_replace_callback('#&email&#','replace_emails',$text));
//"asdkfjalsdkf email1#me.com and then em2#me.com"
Integrated:
$to = $allemails[$x];
$email_replacements = $to;
function replace_emails()
{
global $email_replacements;
return array_shift($email_replacements); //removes the first element of the array of emails, and then returns it as the replacement
}
if($to)
{
$message = preg_replace_callback('#&email&#','replace_emails',$message);
$subject = preg_replace_callback('#&email&#','replace_emails',$subject);
$qx=$x+1;
print "Line $qx . Sending mail to $to.......";
flush();
This question already has answers here:
How to fix "Headers already sent" error in PHP
(11 answers)
Closed 9 years ago.
I want to redirect the user to a thank you page after the form is sucessfully submitted. I use the below script but get error message. please help.
<?php
session_start();
$name = check_input($_POST['name'], "Name cannot be empty.");
$email = check_input($_POST['email'], "Email address cannot be empty.");
if(!preg_match("/^([A-Za-z\s\-]{2,45})$/i", $name))
{
show_error("name not valid.");
}
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/", $email))
{
show_error("Email address not valid.");
}
htmlentities ($message, ENT_QUOTES);
require("../PHPMailer/class.phpmailer.php");
$mail = new PHPMailer();
$mail->From = "$email";
$mail->AddAddress("myfriend#example.net");
$mail->Subject = "An HTML Message";
$mail->Body = "Hello, <b>my friend</b>! \n\n This message uses HTML entities!";
$mail->WordWrap = 50;
foreach(array_keys($_FILES['photo']['name']) as $key) {
$source = $_FILES['photo']['tmp_name'][$key]; // location of PHP's temporary file for this.
$filename = $_FILES['photo']['name'][$key]; // original filename from the client
$mail->AddAttachment($source, $filename);
}
/* Redirect visitor to the thank you page */
header('Location: pthankyou.php');
exit();
function check_input($data, $problem='')
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlentities($data);
if ($problem && strlen($data) == 0)
{
show_error($problem);
}
return $data;
}
function show_error($Error)
{}
?>
Error Message
Warning: Cannot modify header information - headers already sent by
(output started at PHPMailer/class.phpmailer.php:1370) in process.php
on line 66
redirect() is a particular php built-in function that needs to be called before any output.
An output could be:
echo
html tags
var dumping
spacese before <?php tag
However, I didn't see redirect() included in your code. If you want more specific help, you have to include the snippet of code where your issue is.
I having a issue filtering bad words inside a contact form message.
It strips all the message except the first letter of the word.
Any help?
below is just getting the info
<?php
$error = '';
if(!empty($_POST['username'])) $username = $_POST['username'];
if(!empty($_POST['email'])) $email = $_POST['email'];
if(!empty($_POST['subject'])) $subject = check($_POST['subject']);
if(!empty($_POST['message'])) $msg = filter($_POST['message']);
this is the function I am trying to use to strip the bad words and replace them
$bad_words = array(
'word1' => 'gosh',
'word2' => 'darn',);
function filter($matches) {
global $bad_words;
$replace = $bad_words[$matches[0]];
return !empty($replace) ? $replace : $matches[0];
}
checks the drop down options and doesn't allow certain subjects to be emailed.
function check($str){
global $error;
if ($str == 'Mean Spirited Comment'){
$error = 'You sent a Mean-Spirited Comment';
} else if ($str =='Political Comment'){
$error = 'You sent a Political Comment';
}
return $str;
}
places the info and sends
$to = 'email#email.com';
if (!empty($subject) && !empty($msg) && !empty($email) && !empty($username)){
if ($error == ''){
mail($to, $subject, $msg, 'From:' . $email);
} else {
print $error;
}
}
?>
You could use str_replace since it can take array.
For instance:
$message = "Hello there my good friends! I am very happy to see you all today even though I feel like crap.";
$badWords = array("Crap", "Damnit", "Frack");
echo str_replace($badWords, "*", $message);
Results would be: Hello there my good friends! I am very happy to see you all today even though I feel like *.
Why re-invent new methods when PHP already offers plenty of useful ones? This should be enough to remove "bad words" from messages being sent.
Is there any better way to stop spam coming through on my phpmailer script?
Also how would I go about adding formatting to this so its more readable when it gets sent through to email e.g. break lines
I hope my php syntax is correct - as i do not understand PHP.
<?php
# bool has_injection (String $var, [String $var, ...])
function has_injection () {
$values = func_get_args();
for ($i=0, $count=func_num_args(); $i<$count; $i++) {
if ( stristr($values[$i], "%0A") || stristr($values[$i], "%0D") || stristr($values[$i], "\\r") || stristr($values[$i], "\\n")
|| stristr($values[$i], "Bcc") || stristr($values[$i], "Content-Type") ) {
return true;
}
}
return false;
}
$error = '';
if (isset($_POST) && count($_POST)>0) {
# The form has been submitted
$course_title = $_POST['course_title'];
$course_date = $_POST['course_date'];
$course_code = $_POST['course_code'];
$course_fee = $_POST['course_fee'];
$break .= "\n";
$qual_subject_level = $_POST['qual_subject_level'];
$break .= "\n";
$email = $_POST['email'];
if ($name && $email && $subject) {
if (has_injection($name, $email, $subject)) {
# You've got another spammer at work here
$error = 'No spamming';
exit(0);
}
else {
# It's safe to send the message
mail('my#gmail.com',
$subject,
$course_title,
$course_code,
$course_fee,
$break,
$qual_subject_level,
$break,
$subject,
"From: $name <$email>");
}
}
else {
$error = 'Please fill in all the forms';
}
}
?>
One i use is have a text area and use your .css file to display:none it most bots dont read the css and thus think that the text box is shown and if it has content in it it's a bot if it does not then send your email.
E.G CSS
.antiBot{display:none};
HTML
<input type="text" class="antiBot" name="antibot" value="" />
PHP
<?php
if($_REQUEST['antibot'] == ""){
// send your email
}else{
// bot using your system
}
?>
How ever change the name or bot will get be able to notice its a trap and will get around it with little work insted of having to parse the CSS file for your site
So in your case just rap the if above around your code as for formatting of an email if its plain text use dubble quotes and \n (newline) but it wont work in single quotes.