Posted by Jerry Stuckle on 12/07/06 14:13

D wrote:
> I am using php. This is my script:
>
> <?php
>
> /* PHP Document */
>
> /* Define a dónde va el e-mail, y el subject */
>
> define ('MAILTO', 'myemail@somewhere.com');
> define ('MAILSUBJECT', 'Contact Form');
>
> define ('REDIRECT', 'http://www.google.com');
>
>
> /* Define el header del e-mail*/
>
> $headers = "From: {$_POST['name']} <{$_POST['email']}>\r\n" .
> "Content-Type: text/plain; charset=\"iso-8859-1\"";
>
> /* Captura los valores del formulario */
>
> $message = <<<EOM
> Contact form:
>
> Name: {$_POST['name']}
> E-mail: {$_POST['email']}
>
> Phone: {$_POST['phone']}
>
> Address:
> {$_POST['address']}
> {$_POST['city']} {$_POST['state']} {$_POST['zip']}
>
> Comments:
> {$_POST['comments']}
>
> EOM;
>
> mail (MAILTO, MAILSUBJECT, $message, $headers);
> header ('Location: ' . REDIRECT);
>
> ?>
>

This is a very insecure script. You are not doing any validation on any
of the fields. Rather, you're just taking whatever the use inputs and
put it in your form.

As soon as spammers find this page, they will be able to take advantage
of it sends thousands or millions of spam messages from your site. I'm
sure that won't make you very popular with your hosting service.

I'd suggest you drop this one and get one of the more recent form mail
scripts. Most have decent validation in their scripts.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]