Posted by Chung Leong on 03/03/06 02:41
bokke wrote:
> I have an online form - script below. I thought it was secure, but
> last night I got 20 or so blank e-mails from my site and one that
> bounced ?? Is this script secure or am I being abused by spammers?
There's a flaw in your regular expression. Right now it only looks for
the existence of a valid e-mail address within $email. Thus if $email
contains the following:
sender@anonymous.www
Cc:recipient@someothersite.xxx
Bcc:somebloke@grrrr.xxx,someotherbloke@oooops.xxx
preg_match() will return true since there certainly is a correctly
formatted e-mail address in there.
Putting ^ at the beginning and $ at the end of the expression should
yield something more like what you had intended.
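Added example (not part of the post, and not bokke's script, which is not shown here): it runs the injected value from the reply through an unanchored and an anchored pattern. It also covers one case beyond the post: in PCRE, `$` matches before a final newline unless the `D` modifier is set. The address pattern and the helper name `is_single_address` are assumptions, and all inputs are constructed samples.

```php
<?php
// Added example, not the original poster's script. The address pattern below
// is an assumed, simplified one; all inputs are constructed samples.
$addr = '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}';

$patterns = [
    'unanchored'      => '/' . $addr . '/',
    'anchored ^ $'    => '/^' . $addr . '$/',
    'anchored ^ $ +D' => '/^' . $addr . '$/D',  // D: $ matches only at the very end
];

$inputs = [
    'clean address'    => "sender@anonymous.www",
    'injected headers' => "sender@anonymous.www\r\nCc:recipient@someothersite.xxx\r\n"
                        . "Bcc:somebloke@grrrr.xxx,someotherbloke@oooops.xxx",
    'trailing newline' => "sender@anonymous.www\n",
];

// Report which inputs each pattern accepts.
foreach ($patterns as $name => $regex) {
    foreach ($inputs as $label => $value) {
        $verdict = preg_match($regex, $value) === 1 ? 'ACCEPT' : 'reject';
        printf("%-16s %-17s %s\n", $name, $label, $verdict);
    }
}

// Hypothetical helper: one address and nothing else, with no CR or LF anywhere.
function is_single_address(string $value, string $addr): bool
{
    if (preg_match('/[\r\n]/', $value) === 1) {
        return false;
    }
    return preg_match('/^' . $addr . '$/D', $value) === 1;
}

foreach ($inputs as $label => $value) {
    printf("%-17s %s\n", $label, is_single_address($value, $addr) ? 'ok' : 'refused');
}
```

The separate CR/LF check is worth keeping on every form field that ends up in the headers argument of mail(), not only the address field.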