|
Posted by Torgny Bjers on 09/29/05 10:45
Peppy wrote:
> AJ,
>
> So what your reply means is that I should not have a new line character in any variable on my page???
Of course you can have newlines in your email message, just make sure
that any user input is received through POST, and that you run a regular
expression to validate that only one email has been specified in the
recipient field (whatever you call that on your form I don't know) to
ensure that it is only sent to one person.
Other than that you ought to be pretty secure. Make sure that the user
cannot enter any type of header information in the beginning of their
message, so, for instance you could do what you did:
$usermailmsg = "This is the information you submitted.\n" // ...
It will ensure that other text appears before the user submitted data.
Hope that helps.
Regards,
Torgny
[Back to original message]
|