|
|
Posted by Justin Koivisto on 06/15/05 18:11
Alvaro G Vicario wrote:
>><form action="email.php" method="POST">
>> $success = mail($to, $HTTP_POST_VARS["subject"],
>>$HTTP_POST_VARS["message"]);
>
> $HTTP_POST_VARS is deprecated, use $_POST instead.
And filter the subject & message input so there isn't anything nasty in
it before using the submitted info. (In this case, you may want to do
something like strip_tags() on it since it's not an HTML MIME message.)
Best to get in the practice of validating/filtering input and output
from the beginning - event if it isn't necessary. It will save you a lot
of headaches down the road...
--
Justin Koivisto - justin@koivi.com
http://koivi.com
Navigation:
[Reply to this message]
|