Security Question — PHP Programming Language

You are here: Security Question « PHP Programming Language « IT news, forums, messages

Posted by Lloyd Harold on 11/20/07 22:34

I've noticed that the following HTML form and PHP script are being used
on a site to which I contribute.

Do they pose a security risk?

The HTML Form

<form name="FormName" method="POST" action="formprocess.php">

Name <input type="text" name="name">
Email<input type="text" name="email">

<input type="SUBMIT" name="submit" value="OK">
</form>

The PHP (formprocess.php)

$email = $HTTP_POST_VARS[email];
$mailto = "email@domain.com";
$mailsubj = "Email Subject";
$mailhead = "From: $email\n";

reset ($HTTP_POST_VARS);

$mailbody = "Values submitted from web site form:\n";

while (list ($key, $val) = each ($HTTP_POST_VARS)) //wrapping
{ $mailbody .= "$key : $val\n"; }

if (!eregi("\n",$HTTP_POST_VARS[email])) //wrapping
{ mail($mailto, $mailsubj, $mailbody, $mailhead); }

Navigation:

Next in forum: PHP5: precompiled XSL stylesheet
Prev in forum: Re: Variable variables in classes
Thread view: Security Question

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация