Skip to main content
daveharr1s0n
daveharr1s0n
Inspiring
May 25, 2021
Question

Longer comments (or carriage returns?) in php form leading to error page.

  • May 25, 2021
  • 1 reply
  • 164 views

Hello Dreamweaver Forum.

 

I'm new to php and forms, but I have this on a page I'm working on and it works great, except that if too much is typed in the comments box it leads to the error page. Forgive me, I found the php code online, so it might be basic. Is there something in the following that would give one the error message? Does it have something to do with the carriage returns?

 

Any recommendation so that the person submitting a comment can type as many paragraphs as they so desire?

 

Thanks for any assistance,

 

Dave

 

 

<?php
/*
This first bit sets the email address that you want the form to be submitted to.
You will need to change this value to a valid email address that you can access.
*/
$webmaster_email = "name@email.com, another_name@emaill.com";

/*
This bit sets the URLs of the supporting pages.
If you change the names of any of the pages, you will need to change the values here.
*/
$feedback_page = "donateNominate.html";
$error_page = "error_message.html";
$thankyou_page = "thank_you.html";

/*
This next bit loads the form field data into variables.
If you add a form field, you will need to add it here.
*/
$email_address = $_REQUEST['email_address'] ;
$comments = $_REQUEST['comments'] ;
$name = $_REQUEST['name'] ;
$msg =
"Name: " . $name . "\r\n" .
"Email: " . $email_address . "\r\n" .
"Comments: " . $comments ;

/*
The following function checks for email injection.
Specifically, it checks for carriage returns - typically used by spammers to inject a CC list.
*/
function isInjected($str) {
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str)) {
return true;
}
else {
return false;
}
}

// If the user tries to access this script directly, redirect them to the feedback form,
if (!isset($_REQUEST['email_address'])) {
header( "Location: $donateNominate" );
}

// If the form fields are empty, redirect to the error page.
elseif (empty($name) || empty($email_address)) {
header( "Location: $error_page" );
}

/*
If email injection is detected, redirect to the error page.
If you add a form field, you should add it here.
*/
elseif ( isInjected($email_address) || isInjected($name) || isInjected($comments) ) {
header( "Location: $error_page" );
}

// If we passed all previous tests, send the email then redirect to the thank you page.
else {

mail( "$webmaster_email", "Balke Scholarship", $msg );

header( "Location: $thankyou_page" );
}
?>

 

[Moderator removed e-mail for your protection.  Please don't post real email or other sensitive info in a public forum.]

This topic has been closed for replies.

1 reply

O
osgood_
Legend
May 25, 2021
quote

Hello Dreamweaver Forum.

 

Does it have something to do with the carriage returns?

 


By @daveharr1s0n

 

 

Most probably. Do you hit 'return' when you are typing into the comments box to cause a carriage break, which would be a normal pattern to follow if you enter a lot of text?

 

If this is the case then you might have to find another method of validating the comments if its causing an issue. No one should need to use a carriage return in the email and name box so its doing its job in those boxes if someone tries to do that.

 

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices