Posted by robert on 05/17/06 08:57
| //email variable declaration
| $email_to = "person@abc.com";
| $email_subj = "the form name";
| $from_address = "bill@def.com";
|
| // now we build the message of the email
| session_start();
| echo $_SESSION['message'];
| $the_message = $_SESSION['message'];
| // now we send the email
| mail($email_to, $email_subj, $the_message, "From: $from_address"); // send the message
| ?>
|
| When I did things this way, Hunger and Liar Lunatic make it to the body of the
| message, but not the contents of $email_hunger and $email_liar_lunatic.
| What am I doing wrong ... is there a better way???
man, that's a security hole just waiting to be used! don't store the message
in a session variable. ex., i log on as admin and send a sensitive message
to user A. next, i try to send a message to user B but the script poops a
bit in generating the message but continues to email from the session
message...user B now has info that only A should have - things like user
names, passwords, financials, etc..

i would make/use an email class object...the page with your form should be
building your message and sending it via the email class. there's NO need to
session anything. this is the same methodology as collecting data and
putting it in a db...only here, there's no db - you instead output via
email.
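
An added example (not part of the original posts) of the approach the reply describes: the form handler builds the message from the current request and hands it to a small mail class, so a failed build stops the send instead of mailing a stale session value. The `FormMailer` class and the form field names `hunger` and `liar_lunatic` are assumptions; the addresses and subject are the ones from the quoted script.

```php
<?php
// Added example. FormMailer and the field names 'hunger' / 'liar_lunatic'
// are hypothetical; nothing here is read from or written to $_SESSION.
final class FormMailer
{
    private $to;
    private $from;

    public function __construct(string $to, string $from)
    {
        // Addresses are fixed server-side; validation also rejects CR/LF,
        // so they cannot carry extra mail headers.
        foreach ([$to, $from] as $addr) {
            if (!filter_var($addr, FILTER_VALIDATE_EMAIL)) {
                throw new InvalidArgumentException('bad address');
            }
        }
        $this->to = $to;
        $this->from = $from;
    }

    // Build the body from this request's fields only.
    public function buildBody(array $fields): string
    {
        $lines = [];
        foreach (['hunger' => 'Hunger', 'liar_lunatic' => 'Liar Lunatic'] as $key => $label) {
            if (!isset($fields[$key]) || !is_string($fields[$key]) || trim($fields[$key]) === '') {
                throw new InvalidArgumentException("missing field: $key");
            }
            $lines[] = $label . ': ' . trim($fields[$key]);
        }
        return implode("\r\n", $lines);
    }

    public function send(string $subject, array $fields): bool
    {
        $body = $this->buildBody($fields); // throws before mail() if the build fails
        $subject = str_replace(["\r", "\n"], ' ', $subject);
        return mail($this->to, $subject, $body, 'From: ' . $this->from);
    }
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $mailer = new FormMailer('person@abc.com', 'bill@def.com');
        echo $mailer->send('the form name', $_POST) ? 'sent' : 'mail() failed';
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo 'message not sent';
    }
}
```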