ellen Posted May 10, 2006

Help! I have a simple form on my website--host shut it down because they said it is being used by spammers to send email. My code:

[code]
if (isset($_POST['Name'])) {
$n = $_POST['Name'];
$em = $_POST['Email'];
// Configuration Settings
$SendTo = "xxx@xxx.com";
$SubjectLine = "xxx resumé";
//$from = "From: $visitormail \r\n";
$headers .= "From: ";
$headers .= $n;
$headers .= "<";
$headers .= $em;
$headers .= ">\r\n";
$Divider = "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~";
// Build Message Body from Web Form Input
$MsgBody = @gethostbyaddr($REMOTE_ADDR) . "\n$Divider\n";
?> <?php
foreach ($_POST as $Field => $Value)
    $MsgBody .= "$Field: $Value\n";
$MsgBody .= $Divider . "\n" . $HTTP_USER_AGENT . "\n";
$MsgBody = htmlspecialchars($MsgBody); //make content safe
// Send E-Mail
mail($SendTo, $SubjectLine, $MsgBody, $headers);
}
[/code]

Will someone please tell me how to change this so it is safe?

Thanks so much!

kenrbnsn Posted May 10, 2006

Read [url=http://www.nyphp.org/phundamentals/email_header_injection.php]this article[/url] from the NYPHP Users Group. It explains what happened and how to fix it.

Ken
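
An added example, not part of the thread or of the linked article: one way to close the hole in the form above is to refuse any Name or Email value that contains a line break before it is placed in the From header. The function names and the sample inputs are assumptions made up for this illustration.

```php
<?php
// Added example: validate every form value that ends up in a mail header.

// True if the value contains characters that could start a new header line.
function has_header_break(string $value): bool
{
    // Raw CR/LF, plus their URL-encoded forms in case input is decoded later.
    return preg_match('/[\r\n]|%0[ad]/i', $value) === 1;
}

// Builds the From header from form input, or returns null if the input is unsafe.
function build_from_header(string $name, string $email): ?string
{
    if (has_header_break($name) || has_header_break($email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Drop characters that would break the quoted display-name syntax.
    $name = trim(str_replace(['"', '<', '>', '\\'], '', $name));
    return 'From: "' . $name . '" <' . $email . ">\r\n";
}

// Constructed sample inputs: a normal submission, and one whose Email field
// carries a line break followed by an extra header line.
$samples = [
    ['Jane Example', 'jane@example.com'],
    ['Jane Example', "jane@example.com\r\nX-Test: 1"],
];

foreach ($samples as [$n, $em]) {
    $header = build_from_header($n, $em);
    if ($header === null) {
        echo "rejected: not sending\n";
        continue;
    }
    echo "accepted: " . rtrim($header) . "\n";
    // mail($SendTo, $SubjectLine, $MsgBody, $header);  // send only after the checks pass
}
```

The message body built from `$_POST` does not need this check, since only values passed in the header (and subject or recipient) arguments of `mail()` can add header lines.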

448191 Posted May 10, 2006

Interesting article, good reading. Thanks for that!