
PHP

PHP page redirect

<?php
// Redirect the browser to contact.html in the same directory as this script
$host = $_SERVER['HTTP_HOST'];
$uri  = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
header("Location: http://$host$uri/contact.html");
exit;   // stop here so nothing after the redirect header is executed or sent

PHP Mail sanitization

The PHP mail function does not sanitize its header input. That means spammers can put CR/LF (carriage return, line feed) characters into the input strings, i.e. send them to your contact form handler, and by doing so inject extra mail headers and send spam through your web server. If you get loads of mail bounced back as spam that you never sent, you have this problem. The solution is to check the request variables sent to the server for CR/LF characters before they are placed in a mail header. Something like this should help:

<?php
// fixed destination address for the form (placeholder, set it to your own address)
$mailTo = 'you@example.com';

if (isset($_POST["submit"]))
{
        // check for CR/LF in every field that ends up in a mail header
        if (preg_match("/[\n\r]/", $_POST['email']) ||
            preg_match("/[\n\r]/", $_POST['subject'])) {
                # it's spam (header injection attempt)
                exit();
        }
        $headers = 'From: ' . $_POST['email'] . "\r\n" .
                   'Reply-To: ' . $_POST['email'] . "\r\n" .
                   'X-Mailer: PHP/' . phpversion();

        // body fields are not header-sensitive, so line breaks are harmless here
        $msg = "Web site message\nFrom:  " . $_POST['email'] . "\nTel:   " . $_POST['phone'] . "\nCpy:   " . $_POST['company'] .
               "\n\n" . $_POST['msg'];
        mail($mailTo, $_POST['subject'], $msg, $headers);

        ?>
        Thank you for your message. <a href="index.php">home</a>
        <?php
        // clear the form's one-time pin from the session (assumed to be set by the form page)
        unset($_SESSION['pin']);
}
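The same CR/LF check, written as a reusable guard rather than two inline preg_match calls. This is an added example, not the code from the page above: it rejects any header-bound field containing CR, LF or a NUL byte, validates the address with PHP's built-in FILTER_VALIDATE_EMAIL, and keeps the visitor's address out of the From header (only Reply-To carries it). The destination address, the fixed From address and the function names are assumptions; the field names follow the snippet above.

```php
<?php
// Added example, not the original page's code: a guard that checks every
// header-bound form field for CR, LF and NUL before mail() is called, and
// keeps the visitor's address out of the From header entirely.
// Assumptions: $mailTo and the fixed From address below are placeholders;
// the form field names (email, subject, msg) follow the page's snippet.

// Returns an error message if $value is unsafe to place in a mail header, else null.
function headerFieldError(string $name, string $value): ?string
{
    // CR, LF and NUL are the characters that let a value break out of its header line
    if (preg_match('/[\r\n\0]/', $value)) {
        return "$name contains a line break or NUL byte";
    }
    if (strlen($value) > 255) {
        return "$name is too long";
    }
    return null;
}

// Validates the header-bound fields of a submission; returns a list of error strings
// (an empty list means the submission is safe to mail).
function validateContactForm(array $post): array
{
    $errors = [];
    foreach (['email', 'subject'] as $field) {
        $value = (string) ($post[$field] ?? '');
        if ($value === '') {
            $errors[] = "$field is required";
            continue;
        }
        $error = headerFieldError($field, $value);
        if ($error !== null) {
            $errors[] = $error;
        }
    }
    // Only a syntactically valid address may go into Reply-To
    if ($errors === [] && filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    return $errors;
}

// Builds the header block; the visitor's address only appears in Reply-To,
// From is a fixed address on your own domain (placeholder value).
function buildHeaders(string $replyTo): string
{
    return "From: webform@example.com\r\n"
         . "Reply-To: $replyTo\r\n"
         . "X-Mailer: PHP/" . PHP_VERSION;
}

// Sends the message if validation passes; returns the list of errors (empty on success).
function sendContactMail(string $mailTo, array $post): array
{
    $errors = validateContactForm($post);
    if ($errors !== []) {
        return $errors;
    }
    // Body text is not header-sensitive, so line breaks in the message are harmless here
    $body = "Web site message\nFrom: " . $post['email'] . "\n\n" . ($post['msg'] ?? '');
    if (!mail($mailTo, $post['subject'], $body, buildHeaders($post['email']))) {
        $errors[] = 'mail() failed';
    }
    return $errors;
}

// Self-check with constructed inputs when run from the command line (no mail is sent)
if (PHP_SAPI === 'cli') {
    $clean    = ['email' => 'alice@example.com', 'subject' => 'Hello'];
    $injected = ['email' => "alice@example.com\r\nX-Injected: yes", 'subject' => 'Hello'];
    var_dump(validateContactForm($clean) === []);
    var_dump(validateContactForm($injected) === []);
}
```

In the form handler, call sendContactMail($mailTo, $_POST) and show the returned errors to the visitor instead of silently calling exit(). Putting a fixed address in From and the visitor's address only in Reply-To also keeps the message from being rejected by receiving servers that check the From domain against your mail server.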

Page last modified on March 04, 2007, at 09:58 PM