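$bad_string found. Suspected injection attempt - mail not being sent!."; $returnMsg = "The data entered contains invalid or badly formatted characters."; break; } } return $returnMsg; }

/**
 * Reject values that carry a line break, raw or URL-encoded.
 *
 * A CR or LF inside a value that is later copied into a mail header lets the
 * sender of the form append header lines of their own, so any such value is
 * refused before the mail is built.
 *
 * Only the raw characters and the single-encoded forms %0A / %0D are
 * recognised; other encodings are not covered by this check.
 *
 * @param string $str_to_test Form value to inspect.
 * @return string Empty string when the value is clean, otherwise a generic
 *                error message suitable for showing to the user.
 */
function contains_newlines($str_to_test)
{
    // Disabled debug output kept from the original. It interpolates the raw
    // input, so it would need HTML-escaping before ever being re-enabled.
    // echo "newline found in $str_to_test. Suspected injection attempt - mail not being sent.";

    // "!== 0" rather than "!= 0": preg_match() returns false when matching
    // fails (for example on a non-string value), and that case must count as
    // a rejection instead of slipping through as "no newline found".
    if (preg_match('/%0[AD]|[\r\n]/i', $str_to_test) !== 0) {
        return "The data entered contains invalid or badly formatted characters.";
    }

    return '';
}

/**
 * Check that a string looks like a single, plain e-mail address.
 *
 * Differences from the earlier pattern, all of which made it accept more
 * than one address or header-significant characters:
 *  - the hyphen in the local-part class sat between '+' and '/', forming a
 *    range that also admitted ',' ; it is now a literal at the end;
 *  - the host part accepted any non-whitespace run (including ',', ';',
 *    '<', '>' and a second '@'); it is now limited to letters, digits,
 *    hyphens and dots;
 *  - '$' also matched before a trailing newline; the D modifier anchors it
 *    to the very end of the string.
 *
 * The 2-6 letter top-level-domain limit and the bare numeric host form are
 * kept as they were. Internationalised domains must be given in their ASCII
 * (punycode) form.
 *
 * @param string $emailStr Address to validate.
 * @return bool True when the address matches, false otherwise.
 */
function is_valid_email($emailStr = "")
{
    //$pattern = '/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/'; // my old pattern
    $pattern = '#^[a-z0-9.!\#$%&\'*+/=?^_`{|}~-]+@(?:[0-9.]+|(?:[a-z0-9-]+\.)+[a-z]{2,6})$#iD';

    return preg_match($pattern, $emailStr) === 1;
}

/**
 * Run every pre-send check on the fields of a mail form.
 *
 * Order of checks (the first failure wins and its message is returned):
 *  1. contains_bad_str() on each field,
 *  2. contains_newlines() on each field,
 *  3. the request must be a POST,
 *  4. both addresses must pass is_valid_email().
 *
 * The two address messages embed the submitted address verbatim, so callers
 * that print the returned message into a page need to HTML-escape it first.
 *
 * @param string $toName     Recipient display name.
 * @param string $toEmail    Recipient address.
 * @param string $fromName   Sender display name.
 * @param string $fromEmail  Sender address.
 * @param string $theSubject Subject line.
 * @return string 'okay' when every check passes, otherwise an error message.
 */
function validateEmailStrong($toName, $toEmail, $fromName, $fromEmail, $theSubject)
{
    $fields = array($toName, $toEmail, $fromName, $fromEmail, $theSubject);

    // check for bad strings
    foreach ($fields as $value) {
        $returnMsg = contains_bad_str($value);
        if (strlen($returnMsg) > 0) {
            return $returnMsg;
        }
    }

    // check for newlines
    foreach ($fields as $value) {
        $returnMsg = contains_newlines($value);
        if (strlen($returnMsg) > 0) {
            return $returnMsg;
        }
    }

    // check get/post method; a missing REQUEST_METHOD (e.g. CLI) is treated
    // as "not POST" instead of raising an undefined-index notice
    $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    if ($method !== 'POST') {
        return "Access error; please reload the form and submit again.";
    }

    // check email address
    if (!is_valid_email($toEmail)) {
        return "Address $toEmail contains invalid characters.";
    }
    if (!is_valid_email($fromEmail)) {
        return "Address $fromEmail contains invalid characters.";
    }

    return 'okay';
}
?>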