Hi Mike,

Thought I'd try your protection code.

In $bad = array("\n","\r","\0",","); I can see why the "\n" "\r" are there, but what is the "\0" for?

Thanks,
Bob.

----- Original Message -----
From: "Mike Brandonisio" <[EMAIL PROTECTED]>
To: <php-list@yahoogroups.com>
Sent: Sunday, January 22, 2006 4:50 PM
Subject: Re: [php-list] Preventing spam drones from abusing our mail scripts

> <?php
>
> // email injection clean up.
> function safermail($to,$subject,$body,$from)
> {
>     // characters stripped from the header fields: line breaks, NUL, comma
>     $bad = array("\n","\r","\0",",");
>     // replacement character
>     $good = "?";
>     $to = str_replace($bad,$good, $to);
>     $subject= str_replace($bad,$good, $subject);
>     $from = str_replace($bad,$good, $from);
>     $addlhdr = "From: $from\r\nReply-To: $from\r\n";
>     return mail ( $to, $subject, $body , $addlhdr );
> }
> //mail( "[EMAIL PROTECTED]", $subject, $body, "From: $email" );
> safermail( "[EMAIL PROTECTED]", $subject, $body, $email );
>
> ?>
>
> Basically you are removing the ability to send more than one email at
> a time. So if a spam bot enters email, email, email, email,
> email ...etc the script removes the delimiter and replaces it with an
> illegal '?' so that your email server will throw a parsing error
> and not send any email from the current request due to a malformed TO
> or CC or BCC.
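
The effect of the `$bad` replacement on the header block, as an added example that is not part of the original thread: it builds the same `From`/`Reply-To` string as `safermail()` without calling `mail()`, then lists the header names a line-based parser would see before and after cleaning. The helper names `clean_header_value()`, `build_headers()` and `header_names()` and all sample inputs are constructed for illustration.

```php
<?php
// Added example (not from the thread). Nothing is sent; mail() is never called.

const BAD  = ["\n", "\r", "\0", ","];   // same list as $bad in safermail()
const GOOD = "?";                       // same replacement as $good

// Hypothetical helper: the str_replace step applied to one field.
function clean_header_value(string $value): string
{
    return str_replace(BAD, GOOD, $value);
}

// Hypothetical helper: the $addlhdr string exactly as safermail() builds it.
function build_headers(string $from): string
{
    return "From: $from\r\nReply-To: $from\r\n";
}

// Hypothetical helper: header names as seen when splitting on line breaks.
function header_names(string $headers): array
{
    $names = [];
    foreach (preg_split('/\r\n|\r|\n/', $headers, -1, PREG_SPLIT_NO_EMPTY) as $line) {
        $names[] = strtolower(strstr($line, ':', true) ?: $line);
    }
    return $names;
}

// Constructed form inputs for the "from" field.
$samples = [
    'plain address' => 'visitor@example.com',
    'line break'    => "visitor@example.com\r\nBcc: a@example.net",
    'comma list'    => 'a@example.net,b@example.net',
    'NUL byte'      => "visitor@example.com\0junk",
];

foreach ($samples as $label => $from) {
    $cleaned = clean_header_value($from);
    printf(
        "%-13s raw headers: %-22s cleaned headers: %-14s cleaned value: %s\n",
        $label,
        implode(',', header_names(build_headers($from))),
        implode(',', header_names(build_headers($cleaned))),
        $cleaned
    );
}
```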