Posted by Alan J. Flavell on 02/08/06 02:42

On Tue, 7 Feb 2006, Toby Inkster wrote:

> <li><label><input type="checkbox" name="recipient"
> value="sexy.sue@example.com"> Secretary</label>
> <li><label><input type="checkbox" name="recipient"
> value="grumpy@example.com"> Chairman</label>

Just a routine warning that anyone who accepts and uses arbitrary
email addresses from a form submission has to be barking mad.

Putting these addresses on view in the HTML page itself (thus exposing
them to address harvesters) is not exactly a good idea - but that's a
minor transgression compared with providing an open spamming gateway,
which is what you appear to be heading for above.

I'd recommend submitting value="Chairman" etc, from the web page, and
then looking-up the real address, from a short list of pre-configured
addresses, *within* the server-side script which processes the
submission.

• Next in forum: Re: Copying Website Contents, esp. Message Boards
• Prev in forum: Re: <abbr> best practice?
• Thread view: Re: Use of radio buttons on forms

[Reply to this message]