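/*
 * Pre-fill shortcodes.
 *
 * [first_name] and [email_address] render the matching query-string
 * parameter, or an empty string when the parameter is missing or is an
 * unmerged placeholder from a mailing tool (e.g. "{!email}", "$firstname").
 *
 * Security: both values are taken directly from $_GET, so they are
 * attacker-controlled. The placeholder lists below are NOT a sanitizer; the
 * only thing that makes the values safe to place in a page is the HTML
 * escaping done in the shortcode callbacks. Any other code that reads
 * $first_name_val / $email_val must escape for its own output context.
 */

// Placeholder strings (compared lowercase) that mean "no real first name".
$bad_first_names = array(
    'first name',
    'first',
    'enter your first name',
    'first_name',
    'first name...',
    'default',
    'blank',
    'friend',
    '~contact.firstname~',
    '{!firstname_fix}',
    '',
    'null',
    'unknown',
    '{{first_name}}',
    '$firstname',
    'firstname',
);

// Placeholder strings (compared lowercase) that mean "no real e-mail address".
$bad_email_addresses = array('{!email}', 'null', 'unknown', '$email', '');

// Raw (unescaped) first name. is_string() rejects array parameters such as
// ?first_name[]=x, which would otherwise reach strtolower() and string
// indexing. Anything starting with "{" is treated as an unmerged token.
$first_name_val = '';
if (
    isset($_GET['first_name'])
    && is_string($_GET['first_name'])
    && !in_array(strtolower($_GET['first_name']), $bad_first_names, true)
    && strpos($_GET['first_name'], '{') !== 0
) {
    $first_name_val = $_GET['first_name'];
}

// Raw (unescaped) e-mail address. The regex only requires an alphanumeric
// first character; it filters placeholders and does not validate the address.
$email_val = '';
if (
    isset($_GET['email_address'])
    && is_string($_GET['email_address'])
    && !in_array(strtolower($_GET['email_address']), $bad_email_addresses, true)
    && preg_match('/^[A-Za-z0-9]/', $_GET['email_address']) === 1
) {
    $email_val = $_GET['email_address'];
}

/**
 * Shortcode callback for [first_name].
 *
 * The original body returned $first_name_val without a `global` declaration,
 * so it read an undefined local and the shortcode always rendered empty.
 * Reading the global makes the shortcode work, which also makes the
 * request value reach the page; it is therefore HTML-escaped here.
 * ENT_QUOTES covers element content and quoted attribute values; it is not
 * sufficient for script, URL or unquoted-attribute contexts.
 *
 * @return string HTML-escaped first name, or '' when none was accepted.
 */
function sanitized_first_name()
{
    global $first_name_val;

    return htmlspecialchars((string) $first_name_val, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Shortcode callback for [email_address].
 *
 * The misspelled function name is kept because it is the registered
 * callback name. Same scope fix and output escaping as the first-name
 * callback.
 *
 * @return string HTML-escaped e-mail address, or '' when none was accepted.
 */
function santized_email_address()
{
    global $email_val;

    return htmlspecialchars((string) $email_val, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

add_shortcode('first_name', 'sanitized_first_name');
add_shortcode('email_address', 'santized_email_address');
?>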