Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP

Darrell Conklin
Darrell Conklin
21,988 Points
Posted by Darrell Conklin
Darrell Conklin
21,988 Points

Form Validation

foreach( $_POST as $value ){

    if( stripos($value,'Content-Type:') !== FALSE ){

       echo "There was a problem with the information you have entered.";

        exit();

    }

}

This code appeared on a quiz and I couldn't find any reference to it in the video that it referred me to for the answer.

While I understand the concept of wanting to make sure the "content type" is contained within the value of each form post. I don't understand how I would apply this method to prevent a bot from hijacking my form.

Or better yet how checking to see if a string value is within the variable can even really check to see if the content type is right, if that was even what they were insinuating to begin with.

If anyone can shed some light on this I would be grateful.

Here is a link to the Video: Validating Form Data

Here is a link the Quiz: Form Validation

Simon Coates
Simon Coates
28,694 Points
Simon Coates
Simon Coates
28,694 Points

It may have just been that in that specific instance, content type is not expected, hence the access is presumably from a bot. I remember looking at that example and thinking i'd missed something.

1 Answer

Jason Anello
Jason Anello
Courses Plus Student 94,610 Points

Hi Darrell,

That code is meant to help protect against an email header injection exploit. I don't think that it was covered in this course though.

It was covered in an older course here by Randy Hoyt which has been removed from the library. I was able to find a post about it in the community from which you can access the video from that older course. Click the "Watch Video" button on the top right of the page.

https://teamtreehouse.com/community/further-explanation-on-email-header-injection-exploit