// Columns written by the INSERT below. Each entry is used twice: as the SQL
// column name and as the name of the PHP variable that holds its value.
// The names are concatenated into the statement unescaped, so this list must
// stay a fixed, hard-coded allow-list.
$cols = array('first_name', 'email1', 'description');
// FROM THE POST AT EE
/**
 * Locate the text between the first pair of angle brackets in a
 * "Display Name <address>" style string.
 *
 * The pattern only finds the bracketed text. It does not check that the
 * captured text is a well-formed e-mail address, so callers still have to
 * validate and escape the result before it reaches SQL, HTML or mail headers.
 *
 * @param string $str Text such as ' Ray <ray.paseur@gmail.com>'.
 * @return array The preg_match() matches: [0] is the matched text ending at
 *               the '>', [1] is the text inside the brackets. Empty array
 *               when the input contains no '<...>' pair.
 */
function emailregex($str)
{
    // Lazy prefix, literal '<', lazily captured contents, literal '>'.
    $pattern = '#.*?\<(.*?)\>#';

    preg_match($pattern, $str, $found);

    return $found;
}
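// Parse a sample "Name <address>" string. emailregex() returns an empty array
// when there is no '<...>' pair, so the index reads are guarded.
$from = emailregex(" Ray <ray.paseur@gmail.com>");
$email1 = isset($from[1]) ? $from[1] : '';
// $from[0] is the whole match (display name plus the bracketed address);
// the name is the part in front of the '<'.
$first_name = isset($from[0]) ? trim(strstr($from[0], '<', true)) : '';

// Identifiers cannot be protected by mysql_real_escape_string(): $tablename
// and the entries of $cols must be fixed values from the code, never taken
// from request or message data.
$q = 'INSERT INTO ' . $tablename . ' (' . implode(',', $cols) . ') VALUES (';

// Iterate by value: the original by-reference loops left $columnname bound
// to the last element of $cols after the loop.
$values = array();
foreach ($cols as $columnname) {
    // Each column name doubles as the name of the variable holding its value;
    // a variable that was never set is stored as an empty string.
    $value = isset($$columnname) ? $$columnname : '';
    // NOTE(review): mysql_real_escape_string() relies on the open connection
    // and its character set - confirm the charset is set on the connection.
    // The mysql_* extension was removed in PHP 7.0; on current PHP use mysqli
    // or PDO prepared statements with bound values instead.
    $values[] = '\'' . mysql_real_escape_string($value) . '\'';
}
$q .= implode(',', $values) . ')';

// Debug output: the statement contains text taken from the message, so it is
// HTML-escaped before being written into the page.
echo '<br>' . htmlentities($q, ENT_QUOTES);
// fwrite() returns the number of bytes written (or false), which is echoed.
echo fwrite($fwritefile, $q);

// Record a failed INSERT in the server log rather than ignoring it; the
// database error text is kept out of the page.
if (mysql_query($q) === false) {
    error_log('INSERT failed: ' . mysql_error());
}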
?>
<?php // RAY_temp_rgb192.php
// A simulated attack payload: markup that a browser will execute if it is
// written into the page unescaped. A nowdoc is used because the text needs
// no variable interpolation.
$evil = <<<'JAVASCRIPT'
<script type="text/javascript">
alert("I JUST REDIRECTED YOUR BROWSER TO AN ATTACK SITE AND ALL YOU CAN DO IS CLICK OK, SUCKER");
</script>
JAVASCRIPT;

// DANGEROUS: raw output, so the browser parses the <script> element and runs it.
echo $evil;

// SAFE for HTML body text: the markup characters are converted to entities and
// the browser displays the payload as text instead of executing it.
// Called without flags, htmlentities() uses defaults that depend on the PHP
// version (single quotes are escaped by default only from PHP 8.1), so pass
// ENT_QUOTES and the page charset explicitly when the value goes into an
// attribute. Escaping is per context: this does not make a value safe inside
// JavaScript, a URL or SQL.
$escaped = htmlentities($evil);
echo $escaped;