discern Posted January 14, 2008 Share Posted January 14, 2008 Is it really necessary to check for newline characters in form a injection function? I mean, if you are searching for everything else spammers seem to use, like content-type, mime-version, href, cc:, multipart/, content-transfer-encoding, http://, just to name a few, would it still be possible for the spammer to inject headers if you did not check for newline characters? I have a form with several textareas, some of which will vary depending on previous selections, and not having to check for newlines would speed up coding a bit. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.