calabiyau Posted February 17, 2007 Share Posted February 17, 2007 I am making a mail script for a friend. It is an online survey and he wants the results of the survey sent to him. Everything is hard coded into the mail function except for the message body which is constructed from the input of the survey. Is it possible for someone to spam by injecting something into the message body? I know I should strip tags to stop them from running scripts into the email, since it will be html format. If it is possible, what kinds of expressions should I be looking at filtering out? The same kind that you would normally look for like CC: and all that, or do these have any effect within the message body? Thanks. Link to comment https://forums.phpfreaks.com/topic/38851-solved-can-someone-spam-using-the-message-body/ Share on other sites More sharing options...
corbin Posted February 17, 2007 Share Posted February 17, 2007 Define spamming. My advice is strip all HTML tags, or if you want HTML to be allowed, only allow certain tags. Additionally, I would definitely limit the amount of input the user can put... Link to comment https://forums.phpfreaks.com/topic/38851-solved-can-someone-spam-using-the-message-body/#findComment-186817 Share on other sites More sharing options...
linuxdream Posted February 17, 2007 Share Posted February 17, 2007 If it's in the body then it can't be used as a mailing address like CC or BCC. If they were editing the header..that would be another story. Link to comment https://forums.phpfreaks.com/topic/38851-solved-can-someone-spam-using-the-message-body/#findComment-186825 Share on other sites More sharing options...
calabiyau Posted February 17, 2007 Author Share Posted February 17, 2007 Kay thanks, that's what i needed to know. Link to comment https://forums.phpfreaks.com/topic/38851-solved-can-someone-spam-using-the-message-body/#findComment-186829 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.