tmallen Posted November 1, 2007 Share Posted November 1, 2007 I'm in a tough spot here. New registrants to my mailing list will be sent a non-interactive "confirmation" email, which will be based directly on what they enter in the Email field. How can I protect this from being exploited by spammers? Is there any risk of someone exploiting my hard-coded $body field which accepts other data using variables earlier defined with the $_REQUEST method? This is my primary concern. Quote Link to comment Share on other sites More sharing options...
otuatail Posted November 1, 2007 Share Posted November 1, 2007 Can you give us some kind of example of what you mean. I asume that the conformation is used to verify spoof. and that the conformation is used by you to activate that email in the emailing list. Desmond. Quote Link to comment Share on other sites More sharing options...
tmallen Posted November 1, 2007 Author Share Posted November 1, 2007 No, it's just a friendly email. The only data being pulled from the form that gets into the body is the person's name. $name = $_REQUEST['name']; $company = $_REQUEST['company']; $title = $_REQUEST['title']; $address = $_REQUEST['address']; $address2 = $_REQUEST['address2']; $city = $_REQUEST['city']; $state = $_REQUEST['state']; $phone = $_REQUEST['phone']; $email = $_REQUEST['email']; // Define the recipient, subject, and body $to = "$name <$email>"; $subject = 'Client Company Mailing List Registration'; $message = " <html> <head> <title>$subject</title> </head> <body> <div style='font: 11px verdana; line-height: 1.3; color: #333;'> <p>$name,</p> <p>Thank you for signing up with the Client's Company Name mailing list.</p> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> <p>Client's Company Name</p> </div> </body> </html> "; Quote Link to comment Share on other sites More sharing options...
otuatail Posted November 1, 2007 Share Posted November 1, 2007 How can I protect this from being exploited by spammers? This what I don't understand. Is it the content of the email or your your webpages. Anyone looking at your web page via View source will only see the HTML content not your PHP script like $to = "$name <$email>"; // not sure you need the <$email> Desmond Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.