Hi, I'm relatively new to PHP. I'm trying to build a very simple mail tool that will prevent spam and keep the contents of the mail case sensitive - not lowercase. I built the following code but am having trouble inserting str_ireplace into it. Does anybody know what I'm doing wrong?

I keep getting this:

Fatal error: Call to undefined function: str_ireplace() in /home/content/r/o/n/ronohr/html/mail.php on line 28

function clean_input_4email($value, $check_all_patterns = true)
{
    $patterns[0] = '/content-type:/';
    $patterns[1] = '/to:/';
    $patterns[2] = '/cc:/';
    $patterns[3] = '/bcc:/';
    if ($check_all_patterns)
    {
        $patterns[4] = '/\r/';
        $patterns[5] = '/\n/';
        $patterns[6] = '/%0a/';
        $patterns[7] = '/%0d/';
    }

    return str_ireplace($patterns, "", ($value));
}

    Firstly, str_ireplace doesn't seem to match by regex pattern. It just searches for exact string matches.

    Secondly, I'm not sure why you've got $value in its own pair of parentheses.

    Thirdly, str_ireplace was introduced in PHP 5. Are you using PHP 4 or earlier?

    Take a look at preg_replace instead. It uses regex to do its matching, and it's been available since PHP 3.0.9.

      I tried this and it works:

      return preg_replace($patterns, "", $value);

      Thanks. Can anybody think of any other large spam problems that I overlooked?

        You're using a blacklist approach. Most security experts recommend using a whitelist approach instead. That is, defining patterns that are permitted rather than trying to think of all the patterns that should not be permitted.

        I've had the same problem you're trying to deal with:

        Mailform abuse by header injection

        That page offers my experience with header injection and the solution that worked for me.
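
An added example (not part of the original thread or of the linked page) of the whitelist approach recommended above: each value that ends up in a mail header is accepted only if it matches a permitted pattern, and a failing submission is rejected instead of cleaned. The function names, form field names and addresses are assumptions, the samples are constructed, and the code assumes PHP 7.1 or later.

```php
<?php
// Blacklist from the thread, as it runs with preg_replace (patterns are case-sensitive).
function clean_blacklist(string $value): string
{
    $patterns = ['/content-type:/', '/to:/', '/cc:/', '/bcc:/',
                 '/\r/', '/\n/', '/%0a/', '/%0d/'];
    return preg_replace($patterns, '', $value);
}

// Whitelist: the address must be one syntactically valid address with no line breaks.
function valid_email(string $v): bool
{
    return strpbrk($v, "\r\n") === false
        && filter_var($v, FILTER_VALIDATE_EMAIL) !== false;
}

// Whitelist: 1 to 120 characters, none of them control characters.
// \A and \z anchor the whole string; "$" would also match before a trailing newline.
function valid_subject(string $v): bool
{
    return preg_match('/\A[^\x00-\x1F\x7F]{1,120}\z/u', $v) === 1;
}

// Returns the arguments for mail(), or null when a header field is not permitted.
function build_mail(array $form): ?array
{
    if (!valid_email($form['email']) || !valid_subject($form['subject'])) {
        return null; // reject the submission, do not try to repair it
    }
    return [
        'to'      => 'owner@example.com',   // fixed recipient, never taken from the form
        'subject' => $form['subject'],
        'message' => $form['message'],      // body keeps its case and line breaks
        'headers' => "From: webform@example.com\r\nReply-To: " . $form['email'],
    ];
}

// Constructed sample submissions.
$good = ['email' => 'ann@example.com', 'subject' => 'Hello There',
         'message' => "Line one\nLine two"];
$bad  = ['email' => "ann@example.com\r\nBcc: list@example.net", 'subject' => 'Hi',
         'message' => 'x'];

var_dump(build_mail($good));            // array of mail() arguments
var_dump(build_mail($bad));             // rejected by the whitelist
var_dump(clean_blacklist($bad['email'])); // compare: what the blacklist leaves behind
```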
