ellen Posted May 10, 2006 Share Posted May 10, 2006 Help! I have a simple form on my website--host shut it down because they said it is being used by spammers to send email. My code:[code]if (isset($_POST['Name'])) {$n = $_POST['Name'];$em = $_POST['Email'];// Configuration Settings$SendTo = "[email protected]";$SubjectLine = "xxx resumé";//$from = "From: $visitormail \r\n";$headers .= "From: ";$headers .= $n;$headers .= "<";$headers .= $em;$headers .= ">\r\n";$Divider = "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~";// Build Message Body from Web Form Input$MsgBody = @gethostbyaddr($REMOTE_ADDR) . "\n$Divider\n";?> <?php foreach ($_POST as $Field => $Value) $MsgBody .= "$Field: $Value\n"; $MsgBody .= $Divider . "\n" . $HTTP_USER_AGENT . "\n";$MsgBody = htmlspecialchars($MsgBody); //make content safe// Send E-Mailmail($SendTo, $SubjectLine, $MsgBody, $headers);[/code]Will someone please tell me how to change this so it is safe?Thanks so much! Link to comment https://forums.phpfreaks.com/topic/9476-form-security/ Share on other sites More sharing options...
kenrbnsn Posted May 10, 2006 Share Posted May 10, 2006 Read [a href=\"http://www.nyphp.org/phundamentals/email_header_injection.php\" target=\"_blank\"]this article[/a] from the NYPHP Users Group. It explains what happened and how to fix it.Ken Link to comment https://forums.phpfreaks.com/topic/9476-form-security/#findComment-34955 Share on other sites More sharing options...
448191 Posted May 10, 2006 Share Posted May 10, 2006 Interesting article, good reading. Thanks for that! Link to comment https://forums.phpfreaks.com/topic/9476-form-security/#findComment-34957 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.