PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

In Case You Missed It...The Week of October 17th, 2005
Revisited: Logging With PHP
Mass Customization
In Case You Missed It...
Review: Rapid PHP 2005

Sr. Web Developer
mediabistro.com
US-NY-New York

Post A Job | Post A Resume

Comments for: dan_ball20080118

Message # 1510443:

Date: 01/30/08 11:58
By: Colin McKinnon
Subject: Email Forms in PHP - read this first.

The code presented could easily be abused to send an email anywhere - by anybody.

The attack is described here:

http://www.securephpwiki.com/index.php/Email_Injection

But is easily prevented by eliminating newline chars (and CRs too to be paranoid) from the user submitted values.

Previous Message | Next Message

Comments:
Parse error with your script	Chris	06/24/08 00:29
Emailing form not sending	LuAnne	03/14/08 23:25
Email Form	Chris	01/31/08 10:43
Email Forms in PHP - read this first.	Colin McKinnon	01/30/08 11:58
If you are looking for help, please post on the appropriate forum here. Your questions will be answered much more quickly. Add A Comment: Name: Email: Subject: Message: To reduce spam posts, messages are now manually approved You are not [logged in]. That means your account will not get credit for this post.

Comments for: dan_ball20080118

Add A Comment: