V
Posted June 8, 2010

Hello all! I'm just about done making a contact form, but I'm concerned about email injection attacks. I use JavaScript validation for valid email and if(isset($_POST['submit'])) in my PHP to prevent direct access. I'm not sure how to make it more injection-proof. My entire PHP code is here: http://www.phpriot.com/2912 Do you think it's alright? :-\

F1Fan
Posted June 8, 2010

You'll have to post your PHP code for us to answer that. What are you doing with the data? Inserting into a DB or what?

V
Posted June 8, 2010

Hi F1Fan, I posted a link above to the php code http://www.phpriot.com/2912 I'm sending the data to my email and also displaying in the success page using

    <p>Your massage has been sent.</p>
    <p><?php echo nl2br($mailcontent); ?> </p>

kenrbnsn
Posted June 8, 2010

Read "Email Header Injection Exploit", written in 2005. BTW, Javascript can be turned off and your form can be submitted by bots, so always do validation with PHP on the server.

Ken

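An added example of the server-side check Ken recommends, not code from the thread or from the poster's form: any field that could reach a mail header is rejected if it contains a line break, and the address is validated in PHP. The field names (name, email, message) and the example.com addresses are assumptions, since the original form code is not shown here.

```php
<?php
// Added example. Field names and addresses are assumptions, not the poster's code.

/** True if the value contains CR or LF, which would start a new mail header. */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

/** Returns [cleanFields, errors] for a submitted contact form. */
function validate_contact_form(array $post): array
{
    $errors  = [];
    $name    = trim((string)($post['name'] ?? ''));
    $email   = trim((string)($post['email'] ?? ''));
    $message = trim((string)($post['message'] ?? ''));

    // Fields that may be placed in a header must be non-empty single lines.
    foreach (['name' => $name, 'email' => $email] as $field => $value) {
        if ($value === '' || has_header_break($value)) {
            $errors[] = "$field is empty or contains a line break";
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    if ($message === '') {
        $errors[] = 'message is empty';
    }
    return [['name' => $name, 'email' => $email, 'message' => $message], $errors];
}

// Constructed sample submissions (not taken from the thread).
$samples = [
    ['name' => 'Alice', 'email' => 'alice@example.com', 'message' => 'Hello'],
    ['name' => 'Bob', 'email' => "bob@example.com\r\nBcc: list@example.net", 'message' => 'Hi'],
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_contact_form($post);
    if ($errors) {
        echo 'Rejected: ', implode('; ', $errors), PHP_EOL;
        continue;
    }
    // Fixed From and recipient; the visitor's address goes only in Reply-To.
    $headers = "From: webform@example.com\r\nReply-To: {$clean['email']}";
    echo "Would send with headers:\n$headers\n";
    // mail('owner@example.com', 'Contact form', $clean['message'], $headers);
}
```

The mail() call is left commented out so the script runs offline; the second sample is rejected because its email field carries an extra header line.
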
V
Posted June 8, 2010

> Read Email Header Injection Exploit written in 2005. BTW, Javascript can be turned off and your form can be submitted by bots, so always do validation with PHP on the server.
>
> Ken

ooh! good point! thanks!

This topic is now archived and is closed to further replies.