Posted by Steve on 11/02/05 17:20
> But I've started getting this in my inbox? I think I'm being used here
> - any ideas. "Their e-mail address is:" is hard coded
> here is the e-mail code:
....
> $email=$_POST['email'];
....
> if(mail($to,"E-mail from MySite",$message,"From:$email\n")){
Take it down, it is being abused - or is about to be abused - by
spammers.
The last argument to mail() is a list of extra headers and because of
the way your script is structured a custom form or script can submit
extra Bcc: email addresses tagged on to the 'email' form field.
At the very least get rid of any newlines inserted in the 'email'
field:
$email = preg_replace( '/[\r\n]/', '', $email );
---
Steve
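
An added example, not part of the post above or of the original script: one way to go further than stripping newlines is to reject any 'email' value that contains CR or LF, or that is not a single valid address, before it reaches the extra-headers argument of mail(). The helper name safe_from_header() is hypothetical and the sample submissions are constructed.

```php
<?php
/**
 * Build the From: header from the submitted 'email' field.
 * Returns null when the value must be rejected.
 * safe_from_header() is a hypothetical helper name (assumption).
 */
function safe_from_header(string $raw): ?string
{
    // A CR or LF in an address field is never legitimate; it is how
    // extra header lines such as Bcc: get appended, so reject outright.
    if (preg_match('/[\r\n]/', $raw)) {
        return null;
    }
    // Require exactly one syntactically valid address and nothing else.
    $addr = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    if ($addr === false) {
        return null;
    }
    return "From: $addr";
}

// Constructed sample submissions for the 'email' form field.
$samples = [
    'plain address'       => "visitor@example.com",
    'injected Bcc (LF)'   => "visitor@example.com\nBcc: a@example.net, b@example.net",
    'injected Bcc (CRLF)' => "visitor@example.com\r\nBcc: a@example.net",
    'trailing newline'    => "visitor@example.com\n",
    'not an address'      => "just some text",
];

foreach ($samples as $label => $value) {
    $header = safe_from_header($value);
    printf("%-20s => %s\n", $label, $header === null ? 'REJECTED' : $header);
}

// In the form handler, send only when a header was returned:
//   $header = safe_from_header($_POST['email'] ?? '');
//   if ($header !== null) { mail($to, "E-mail from MySite", $message, $header); }
```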