[nycphp-talk] Sneaking in unwanted characters
Jeff
jsiegel1 at optonline.net
Wed Sep 10 15:34:55 EDT 2003
My client doesn't want anyone who visits his website to enter an email
address like www.me at mydomain.com.
So, I have two checks to validate the email entered by the user. Each
check uses preg_match.
Here's the pattern used for the first match:
'/^[a-z0-9_.=+-]+@([a-z0-9-]+\.)+([a-z]{2,6})$/i',
Then the email goes through a second check: ( preg_match('/^www\./',
trim($_POST['email'])) )
Somehow someone managed to sneak through an email address with a www at
the beginning and I'm a bit puzzled as to how they managed to do it. Is
it possible that they entered some sort of non-printable character, like
a character with an ASCII value less than 33, which would foil the data
check? Or is it something obvious that I'm overlooking?
Jeff Siegel
More information about the talk
mailing list