
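<?php

declare(strict_types=1);

// Feedback-form handler.
//
// Validates the submitted e-mail address against mail-header injection
// (CR/LF and friends, typically used by spammers to smuggle a CC list into
// the "From:" header), then either redirects to an error page or sends the
// feedback mail and redirects to the thank-you page. Every branch of the
// dispatch below ends with a redirect and nothing runs afterwards.

/**
 * Returns true when $str contains characters usable for mail-header
 * injection: raw LF, CR, TAB, or their URL-encoded forms %0A, %0D, %08, %09
 * (matched case-insensitively, so %0a is caught as well).
 *
 * Note: the single-quoted '\n', '\r', '\t' are passed to PCRE as escape
 * sequences, which PCRE itself interprets as the control characters.
 */
function isInjected(string $str): bool
{
    $injections = [
        '(\n+)',
        '(\r+)',
        '(\t+)',
        '(%0A+)',
        '(%0D+)',
        '(%08+)',
        '(%09+)',
    ];
    $pattern = '/' . implode('|', $injections) . '/i';

    // preg_match() returns 1 on a hit, 0 on no hit and false on a PCRE
    // error; only a definite hit counts as injected.
    return preg_match($pattern, $str) === 1;
}

/**
 * Redirects the browser to $page (a path relative to this script).
 *
 * The original code passed a filesystem path in place of a header name,
 * which PHP does not turn into a redirect; a "Location:" header is what
 * the browser acts on.
 */
function redirectTo(string $page): void
{
    header('Location: ' . $page);
}

const FEEDBACK_RECIPIENT = 'laxman.431@gmail.com';

// Load form field data. $_REQUEST merges GET, POST and cookie data, so
// neither value is trusted until it has been validated below. Reading with
// ?? avoids an "undefined index" notice when the script is opened directly.
$email_address = $_REQUEST['email_address'] ?? null;
$comments = $_REQUEST['comments'] ?? null;

if ($email_address === null) {
    // The user reached this script directly: send them to the form.
    redirectTo('feedback_form.html');
} elseif (
    !is_string($email_address)
    || !is_string($comments)
    || trim($email_address) === ''
    || trim($comments) === ''
) {
    // A field is missing, blank, or not a scalar (e.g. email_address[]=x).
    // trim() === '' is used instead of empty() so a comment of "0" is not
    // mistaken for an empty field.
    redirectTo('error_message.html');
} elseif (
    isInjected($email_address)
    || filter_var($email_address, FILTER_VALIDATE_EMAIL) === false
) {
    // Header injection detected, or the value is not a single well-formed
    // address. The address goes straight into a mail header, so anything
    // other than a plain address is rejected.
    redirectTo('error_message.html');
} else {
    // All checks passed: deliver the feedback, then show the thank-you page.
    mail(FEEDBACK_RECIPIENT, 'Feedback Form Results', $comments, 'From: ' . $email_address);
    redirectTo('thank_you.html');
}
?>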
