[thelist] PHP_SELF / Contact Form

Bill Moseley moseley at hank.org
Wed Aug 4 10:14:05 CDT 2010


On Wed, Aug 4, 2010 at 8:04 AM, DAVOUD TOHIDY <dtohidy at hotmail.com> wrote:

> if(!preg_match('/^([a-zA-Z0-9_\'\s]+)$/', $message)){
>

...


>
> if(strlen($message) > 200 ){
>
> // sets max amount of characters in comments area (edit as necessary)
>
> $message=substr($message, 0, 200).'...';
> $error .="We are sorry for the inconvenience. Your message should not exceed
> 200 characters.<br />";
> $valid = false;
> }
>
> and for the errors to show:
>
>
> <textarea name="message" id="message" rows="15" cols="50" value="" ><?php
> echo($message)?></textarea>
>

It's not that insecure since you are sending it back to the user that
submitted it, but weren't there a number of recommendations on this about
escaping user-supplied data?


-- 
Bill Moseley
moseley at hank.org
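The escaping point raised above, shown as an added example (not code from the original thread or from either poster): the quoted form echoes $message back into the textarea unescaped, and it does so precisely when validation has already rejected the value. The function names, the h() helper and the $payload sample string are constructed for this illustration; the character class and the 200-character limit are taken from the quoted snippet.

```php
<?php
// Added example, not from the original thread. Shows the unescaped
// textarea from the quoted snippet beside an escaped version, with a
// constructed sample message that the validation rejects but the page
// would still reflect.

declare(strict_types=1);

const MAX_MESSAGE_LEN = 200;

/**
 * Validate the message and return a list of error strings (empty when valid).
 * Same checks as the quoted snippet (allowed characters, then length), but
 * the length is measured with mb_strlen so multibyte text counts characters.
 */
function validate_message(string $message): array
{
    $errors = [];
    if (!preg_match('/^[a-zA-Z0-9_\'\s]+$/', $message)) {
        $errors[] = 'Your message may only contain letters, digits, '
            . 'underscores, apostrophes and whitespace.';
    }
    if (mb_strlen($message, 'UTF-8') > MAX_MESSAGE_LEN) {
        $errors[] = 'We are sorry for the inconvenience. Your message should not exceed '
            . MAX_MESSAGE_LEN . ' characters.';
    }
    return $errors;
}

/** Escape a string for use as HTML text or inside a quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * What the quoted form does: the raw value goes between the tags.
 * (A <textarea> has no value attribute; its content is the text between
 * the tags, and that content ends at the first </textarea> the browser
 * encounters, so a "</textarea>" in the value breaks out of the element.)
 */
function render_textarea_unsafe(string $message): string
{
    return '<textarea name="message" id="message" rows="15" cols="50">'
        . $message . '</textarea>';
}

/** Hardened version: the value is escaped before it is put back on the page. */
function render_textarea_safe(string $message): string
{
    return '<textarea name="message" id="message" rows="15" cols="50">'
        . h($message) . '</textarea>';
}

// Constructed sample input. The regex rejects it (it contains '<', '>', '/'
// and '('), but the quoted code still echoes it into the textarea next to
// the error text, which is exactly the case that needs escaping.
$payload = "hi</textarea><script>alert(document.cookie)</script>";

$errors = validate_message($payload);
echo "Validation errors: " . count($errors) . "\n";
foreach ($errors as $e) {
    echo "  - " . $e . "\n";
}

echo "\nUnsafe:\n" . render_textarea_unsafe($payload) . "\n";
echo "\nSafe:\n" . render_textarea_safe($payload) . "\n";
```

Running this prints one validation error, then the unsafe rendering in which the literal `</textarea><script>...` closes the element and leaves a script tag in the page, and the safe rendering in which the same bytes appear as `&lt;/textarea&gt;&lt;script&gt;...` and are shown to the user as text. Two practical notes: escape on output regardless of whether validation passed, since the value being redisplayed is usually the one that failed; and do not rely on the reply going only to the submitter, because an attacker can have a victim's browser submit the form (a crafted link for a GET handler, or an auto-submitting form on another site for POST), which turns the echo into reflected XSS in the victim's session.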

