Reply to Re: Emailing Form Data

Your name:

Reply:


Posted by Philip Ronan on 01/24/06 18:42

cover wrote:

> On Tue, 24 Jan 2006 09:59:22 +0100, "J.O. Aho" <user@example.net>
> wrote:
>
> Did the trick - thanks :-)
>
>> <?php
>> @extract($_POST);
>> /* > $from = stripslashes($from); */
>> $from = stripslashes($from)."\r\n";
>> $to = stripslashes($to);
>> $subject = stripslashes($subject);
>> $message = stripslashes($message);
>> /* > mail('$to',$from,$subject,$message); */
>> mail($to,$subject,$message,$from);
>> header("location:process.php");
>> ?>

Before you rest on your laurels, please read up on email header injection.
Your script is a potential spam factory.

<http://securephp.damonkohler.com/index.php/Email_Injection>

You might also want to replace "\r\n" with "\n" in the additional headers. I
know this isn't what it says in the RFCs, but it's the de facto standard now.
If you put carriage returns into the header of an email, it's more likely to
be flagged as spam.

--
philronan [@] blueyonder [dot] co [dot] uk

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация