php - Why won't this script properly sanitize output?
I am trying to sanitize the output of what should be a simple email script, but it outputs a blank page. Here is the script:
<?php
define("email", "info@silentpost.net");

if (isset($_POST['submit'])) {
    // include validation class
    include('./support/validate.class.php');

    // assign post data variables
    $_POST['name'] = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
    $_POST['email'] = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    $_POST['message'] = filter_var($_POST['message'], FILTER_SANITIZE_STRING);

    $name = trim($_POST['name']);
    $email = trim($_POST['email']);
    $message = trim($_POST['message']);

    // start validating our form
    $v = new validate();
    $v->validatestr($name, "name", 3, 75);
    $v->validateemail($email, "email");
    $v->validatestr($message, "message", 5, 1000);

    if (!$v->haserrors()) {
        $header = "from: $email\n" . "reply-to: $email\n";
        $subject = "email silentpost.net website!";
        $email_to = email;
        $emailmessage = "name: " . $name . "\n";
        $emailmessage .= "email: " . $email . "\n\n";
        $emailmessage .= $message;
        @mail($email_to, $subject, $emailmessage, $header);
    } else {
        // set number of errors message
        $message_text = $v->errornummessage();
        // store errors list in variable
        $errors = $v->displayerrors();
        // get individual error messages
        $nameerr = $v->geterror("name");
        $emailerr = $v->geterror("email");
        $messageerr = $v->geterror("message");
    } // end error check
} // end isset
?>
If I omit the following code, the script runs fine:
$_POST['name'] = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
$_POST['email'] = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
$_POST['message'] = filter_var($_POST['message'], FILTER_SANITIZE_STRING);
If necessary, I can include the class, but I don't think the issue is with the class, as removing the filter_var lines outputs correctly.
Any help is appreciated.
I would do 2 things:
a. Make sure you're running PHP >= 5.2 (the minimum for the filter_var function).
b. Add error_reporting(E_ALL); to the top of the script, to let you see the error being thrown that is causing the blank page.
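The two checks from the answer, combined with the script's sanitizing step, as an added example that is not part of the original post. The helper name `clean_contact_fields` and the sample input are assumptions made for illustration; `strip_tags` stands in for `FILTER_SANITIZE_STRING`, which is deprecated as of PHP 8.1.

```php
<?php
// Added example: surface the error instead of a blank page (development only).
error_reporting(E_ALL);
ini_set('display_errors', '1'); // without this, errors may only reach the log

// filter_var() comes with the filter extension, available from PHP 5.2.
if (version_compare(PHP_VERSION, '5.2.0', '<') || !function_exists('filter_var')) {
    exit('filter_var() is unavailable on PHP ' . PHP_VERSION);
}

/**
 * Hypothetical helper (not from the original script).
 * Returns the cleaned fields; 'email' is null when the address is rejected.
 */
function clean_contact_fields(array $post)
{
    $name    = isset($post['name']) ? trim((string) $post['name']) : '';
    $raw     = isset($post['email']) ? trim((string) $post['email']) : '';
    $message = isset($post['message']) ? trim((string) $post['message']) : '';

    // strip_tags() replaces FILTER_SANITIZE_STRING for plain-text mail bodies.
    $name    = strip_tags($name);
    $message = strip_tags($message);

    // Sanitize, then reject the address if sanitizing had to change it or if
    // it still fails validation. The value ends up in the From/Reply-To
    // headers, so it must never carry CR or LF.
    $email = filter_var($raw, FILTER_SANITIZE_EMAIL);
    if ($email !== $raw || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $email = null;
    }

    return array('name' => $name, 'email' => $email, 'message' => $message);
}

// Constructed sample input standing in for $_POST.
$samples = array(
    array('name' => '<b>Alice</b>', 'email' => ' alice@example.com ',
          'message' => 'Hello from the contact form.'),
    array('name' => 'Bob', 'email' => "bob@example.com\r\nextra",
          'message' => 'Second constructed message.'),
);
foreach ($samples as $sample) {
    var_dump(clean_contact_fields($sample));
}
```

A parse error in the same file still produces a blank page, because `ini_set` never runs; in that case check the server's error log or set `display_errors` in php.ini.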