How are these variables being given their values by PHP? If you're making use 
of register_globals then you're asking for problems.

Perform some sanity checks on your data, like using a regex of /^\d+$/ to check 
for numerical values, and turn globals off; it's a security breach waiting to 
happen.

Get the values from $_GET or $_POST and treat each one as malicious until you 
know it's within the bounds of your application as a real value.

Thanks,
Ash
http://www.ashleysheridan.co.uk

----- Reply message -----
From: "Gary" <gp...@paulgdesigns.com>
Date: Mon, Dec 13, 2010 17:47
Subject: [PHP] empty() in email message
To: <php-general@lists.php.net>

I have an email message

$msg =  'Name: $fname ' . ' $lname\n'
. "Phone: $phone\n"
. "Email: $email\n"

and it works fine, however in this message there are about 30 variables that 
are being called...as such

. "Order: beefschnitzel $beefschnitzel\n"
. "Order: beefstrips $beefstrips\n"
. "Order: cheesesausage $cheesesausage\n"
. "Order: crumbedsausage $crumbedsausage\n"
. "Order: chucksteak $chucksteak\n"
. "Order: cornedbeef $cornedbeef\n"
. "Order: dicedsteak $dicedsteak\n"
. "Order: filletmignon $filletmignon\n"

I want to only send the message if the submitter enters an amount in the 
form for the corresponding variable, instead of having a bunch of empty 
messages.  So I have been trying to use the empty() function as such:

. if empty($beefolives){''} elseif (isset($beefolives)) { 'Order: beefolives 
$beefolives\n'}

But I am getting the error

Parse error: syntax error, unexpected T_IF

Can someone point me in the right direction?

Thank you
-- 
Gary 
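
Added example, not part of either message in this thread: one way to build the order lines only for items that were filled in, reading from the request array instead of register_globals and validating each quantity before it reaches the message. Assumptions: PHP 7.4 or later, the field names shown in the original message, a constructed `$post` array standing in for `$_POST`, a 1 to 3 digit quantity bound, and the hypothetical helper names `buildOrderLines` and `$clean`.

```php
<?php
// Constructed sample input standing in for $_POST from the order form.
$post = [
    'fname'         => 'Pat',
    'lname'         => 'Example',
    'beefschnitzel' => '2',
    'beefstrips'    => '',        // left blank: no line in the message
    'chucksteak'    => '3kg',     // not purely digits: rejected
    'cornedbeef'    => "1\n",     // trailing newline: /^\d+$/ without D accepts this
    'filletmignon'  => ['1'],     // array instead of string: rejected
];

// Allow-list of order fields (names from the original message); nothing else is read.
$orderFields = ['beefschnitzel', 'beefstrips', 'cheesesausage', 'crumbedsausage',
                'chucksteak', 'cornedbeef', 'dicedsteak', 'filletmignon'];

/** Returns [order lines for valid quantities, names of rejected fields]. */
function buildOrderLines(array $input, array $fields): array
{
    $lines = [];
    $rejected = [];
    foreach ($fields as $field) {
        $value = $input[$field] ?? '';
        if ($value === '') {
            continue;                       // nothing entered for this item
        }
        // D makes $ match only at the very end of the string.
        // The 1-3 digit bound is an assumed application limit.
        if (!is_string($value) || !preg_match('/^\d{1,3}$/D', $value)) {
            $rejected[] = $field;
            continue;
        }
        if ((int) $value > 0) {             // a quantity of 0 adds no line
            $lines[] = "Order: $field $value\n";
        }
    }
    return [$lines, $rejected];
}

[$lines, $rejected] = buildOrderLines($post, $orderFields);

// Free-text fields: drop non-strings and strip control characters.
$clean = fn($key) => is_string($post[$key] ?? null)
    ? preg_replace('/[\x00-\x1F\x7F]/', '', $post[$key]) : '';
$msg = 'Name: ' . $clean('fname') . ' ' . $clean('lname') . "\n" . implode('', $lines);

echo $msg;
echo 'Rejected: ' . implode(', ', $rejected) . "\n";
```

Rejected fields are reported separately so the form handler can show an error instead of silently dropping a malformed quantity.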


