Reply to Re: php form problem

Your name:

Reply:


Posted by Neil McDermott on 09/08/05 16:16

Sorry didn't mean to attach the smilie!

--
Regards,

Neil McDermott
01604 622345
07841 865970
http://www.easiserv.com
"Neil McDermott" <neil.mcdermott@easiserv.com> wrote in message
news:dfpd91$nm$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
> Hello,
>
> I hope someone can help.
>
> I use a php form to process contact forms on my web sites. Recently I have
> been receiving lots of strange data coming through the contact forms like
> this :
>
> NB. mysite = the actual site that the contact form is on.
>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>
> From: qsukgmtfqg@mysiteco.uk add to address book
> Return-Path: mysite.co.uk@hosts.co.uk add to blacklist add to whitelist
> Delivery-Date: Thursday, September 8, 2005 2:57 AM
> To: mark@mysite.co.uk
> Subject: Information request
>
> show headers | download source | printable view | back to folder | next
> message Spam score: 0
>
>
> Name : qsukgmtfqg@mysite.co.uk
>
>
>
> Phone : qsukgmtfqg@mysiteco.uk
>
>
>
> Email : qsukgmtfqg@mysiteco.uk
>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>
> It spoofs the address of the site that the contact form is on. This has
> happened accross every site that the form is on so I am guessing their is
> a vulnaribility in the script below . Can anyone help please?
>
>
> php Contact script used >>>>>>>>>>>>>>>>>>>>>>>>>>>>
>
>
> <?
> $name=$_POST['name'];
> $phone=$_POST['phone'];
> $email=$_POST['email'];
> $query=$_POST['query'];
> $to="enquiries@mysite.co.uk";
> $from="$email";
> $message="Customer Name : $name\n\n
> Phone : $phone\n\n
> Email Address : $email\n\n
> Query : $query\n";
> if (mail($to, "Customer Information", "$message\n", "From: $from"))
> {$URL="http://www.mysite..co.uk/thankyou.php";header ("Location: $URL");
> } else {
> echo "There was a problem sending the mail. Please check that you filled
> in the form correctly.";
> }
> ?>
>
>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>
> Any help would be greatly appreciated. I am no php expert , I simply
> adjusted a form I found on a php tutorial site.
>
> Thank you in advance,
>
> Neil
>
>

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация