ellen

form security

Help! I have a simple form on my website--host shut it down because they said it is being used by spammers to send email. My code:

[code]if (isset($_POST['Name'])) {
    $n = $_POST['Name'];
    $em = $_POST['Email'];
    // Configuration Settings
    $SendTo =      "xxx@xxx.com";
    $SubjectLine = "xxx resumé";
    //$from = "From: $visitormail \r\n";
    // Build the From header from the submitted name and e-mail address
    $headers = "From: ";
    $headers .= $n;
    $headers .= "<";
    $headers .= $em;
    $headers .= ">\r\n";

    $Divider =     "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~";

    // Build Message Body from Web Form Input
    $MsgBody = @gethostbyaddr($_SERVER['REMOTE_ADDR']) . "\n$Divider\n";

    foreach ($_POST as $Field => $Value) {
        $MsgBody .= "$Field: $Value\n";
    }
    $MsgBody .= $Divider . "\n" . $_SERVER['HTTP_USER_AGENT'] . "\n";
    $MsgBody = htmlspecialchars($MsgBody);  //make content safe

    // Send E-Mail
    mail($SendTo, $SubjectLine, $MsgBody, $headers);
}[/code]

Will someone please tell me how to change this so it is safe?

Thanks so much!

Read this article (http://www.nyphp.org/phundamentals/email_header_injection.php) from the NYPHP Users Group. It explains what happened and how to fix it.

Ken
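
A hardened version of the handler from the first post, as an added example that is not part of the original thread or the linked article: it rejects any Name or Email containing control characters before the value reaches the headers argument of mail(). The function names and the noreply@example.com From address are assumptions made for illustration.

```php
<?php
// Added example; function names and addresses are assumptions for illustration.

// Return the trimmed value, or null if it is not a string, is empty, is too
// long, or contains control characters (CR, LF, NUL, ...) that could start
// a new header line.
function clean_header_value($value, int $maxLen): ?string
{
    if (!is_string($value)) {
        return null;                      // e.g. Name[]=... arrives as an array
    }
    $value = trim($value);
    if ($value === '' || strlen($value) > $maxLen
        || preg_match('/[\x00-\x1F\x7F]/', $value)) {
        return null;
    }
    return $value;
}

// Build the extra headers for mail(), or return null to reject the submission.
function build_headers($name, $email): ?string
{
    $name  = clean_header_value($name, 100);
    $email = clean_header_value($email, 254);
    if ($name === null || $email === null
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $name = str_replace(['"', '\\'], '', $name);  // keep the quoted display name intact
    // Fixed From address; the visitor's details only ever appear in Reply-To.
    return "From: Website form <noreply@example.com>\r\n"
         . "Reply-To: \"$name\" <$email>";
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: one normal submission, one with an embedded line break.
    var_dump(build_headers('Ellen', 'visitor@example.com'));
    var_dump(build_headers('Ellen', "visitor@example.com\r\nX-Extra: 1"));
} elseif (isset($_POST['Name'], $_POST['Email'])) {
    $headers = build_headers($_POST['Name'], $_POST['Email']);
    if ($headers === null) {
        http_response_code(400);
        exit('Invalid name or e-mail address.');
    }
    $body = '';
    foreach ($_POST as $field => $value) {
        if (is_string($value)) {
            $body .= "$field: $value\n";  // goes in the message argument, not the headers
        }
    }
    mail('xxx@xxx.com', 'xxx resumé', $body, $headers);
}
```

Run from the command line, the script prints the headers built for the two constructed submissions; served by a web server, it handles the form POST.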

Interesting article, good reading. Thanks for that!
