security question:scrubbing user input

[studentofstone]

I am trying to keep the user input clean with this script but can't figure out what is wrong with it.

the error I am getting is Warning: preg_match() expects parameter 1 to be string,

$bad_strings = array(
                "content-type:",
                "mime-version:",
                "multipart/mixed",
			"Content-Transfer-Encoding:",
                "bcc:",
			"cc:",
			"to:",
  						);
if (preg_match($bad_strings, $first_name)) {
    die;

[Maq]

preg_match takes (string, string) and you're passing in an array for the first parameter.  Not entirely sure what you're trying to do here...  If you want to check if $first_name exists in the array of bad words then use in_array.

[Pikachu2000]

Warning: preg_match() expects parameter 1 to be string

 

$bad_strings = array(

[Skylight_lady]

no comma in:

 

"to:",

[Maq]

no comma in:

 

"to:",

 

I think that's actually fine.

[studentofstone]

preg_match takes (string, string) and you're passing in an array for the first parameter.  Not entirely sure what you're trying to do here...  If you want to check if $first_name exists in the array of bad words then use in_array.

I am trying to make sure the user input (which will be emailed after processing) is only being sent to the proper address by explicitly keeping out bcc: cc: etc. I already have a fair amount of validation, but I wanted to be sure people don't steal the data.

Is there a better way?

 

Warning: preg_match() expects parameter 1 to be string

 

$bad_strings = array(

/slaps forehead/

of course.