There is no substitute for good data verification such as strip_tags() or some regular expressions to limit valid input. I also would recommend checking the referrer to be sure someone doesn't hijack your form and try to modify it and submit it from a remote location. Here is an example:
if (validReferrer() === false) die("invalid referrer");

function validReferrer() {
    $_valid_referrers = array("www.yoursite.com", "www2.yoursite.com", "yoursite.com");
    // No referrer header at all: treat as invalid rather than raising a notice below.
    if (empty($_SERVER['HTTP_REFERER'])) return false;
    // Collapse "http://host/path" to "http:/host/path" so the host lands in $ref[1].
    $referer = str_replace('//', '/', $_SERVER['HTTP_REFERER']);
    $ref = explode('/', $referer);
    if ( in_array($ref[1], $_valid_referrers) ) return true;
    else return false;
}

Jim Grill
Support
Web-1 Hosting
http://www.web-1hosting.net

----- Original Message -----
From: "Dennis Gearon" <[EMAIL PROTECTED]>
To: "Bob Lockie" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, July 27, 2002 10:54 PM
Subject: Re: [PHP] php 'mail()' security

> What I meant was, how to sanitize the input on the forms so that
> malicious stuff cannot be put as commands, etc. in the email address, or
> body, or 'extra' field of the 'mail()' function in PHP.
> --
> -----------------------------------------------------------------
> Joy is just a thing (to be).. raised on,
> Love is just the way to Live and Die,
> John Denver.
> -----------------------------------------------------------------
> He lost a friend, but kept his Memory (also John Denver),
> Thank you...John Corones...my friend always.
> -----------------------------------------------------------------
> Look lovingly upon the present,
> for it holds the only things that are forever true.
> -----------------------------------------------------------------
> Sincerely, Dennis Gearon (Kegley)
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
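The question in the quoted mail is about the fields handed to mail() itself, and HTTP_REFERER is supplied by the client, so a referrer check does not cover that. Below is an added example (not code from the thread) that validates the address, subject and extra-headers values before they reach mail(); the sender address forms@example.com and the sample inputs are constructed for illustration.

```php
<?php
// Added example: reject mail() inputs that could carry extra header lines.

function hasNewline(string $value): bool
{
    // A CR or LF inside an address, subject or header string terminates the
    // current header, which is what lets a form field add headers of its own.
    return preg_match('/[\r\n]/', $value) === 1;
}

function validateAddress(string $address): ?string
{
    $address = trim($address);
    if (hasNewline($address) || filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $address;
}

function validateSubject(string $subject, int $maxLen = 200): ?string
{
    if (hasNewline($subject) || strlen($subject) > $maxLen) {
        return null;
    }
    return $subject;
}

// Build the additional-headers argument from fixed, validated fields instead
// of passing user-supplied header text through to mail().
function buildHeaders(string $replyTo): ?string
{
    $replyTo = validateAddress($replyTo);
    if ($replyTo === null) {
        return null;
    }
    return "From: forms@example.com\r\nReply-To: " . $replyTo . "\r\n";
}

// Constructed sample inputs: a plain address and one with a line break that
// would otherwise insert a second header line.
$clean   = validateAddress("alice@example.com");
$tainted = validateAddress("alice@example.com\r\nBcc: someone@example.net");
$subject = validateSubject("Contact form");

if ($clean !== null && $tainted === null && $subject !== null) {
    // Only validated values reach the call:
    // mail($clean, $subject, $body, buildHeaders($clean));
}
```

The body of the message should be checked the same way for length and content, and the list of recipients should come from server-side configuration rather than from the form.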