Eric Gorr wrote:
Any other suggestions?
Well see this example :
function clean_body($body_text) {
if(ini_get('magic_quotes_gpc')) $body_text = stripslashes($body_text); // If magic_quotes are on, strip the extra-added slashes
return htmlentities($body_text); // Return the value
}
This is a good way to start, I think. Filtering the input first would be a nice idea too, especeally if there're more input fields ;-)
htmlentities would potentially make the body text messier then seems necessary.
Shouldn't strip_tags be enough? What dangerous/annoying things might happen if I replaced htmlentities with strip_tags in the above function and then passed the body text to the mail() function?
I do not mind over doing it and potentially getting rid useful text in the body (strip_tags could do this). People, in general, will not be using this form to contact me often enough for it to matter.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
