FUDforum: comp.lang.php » FORMS, validating mail was sent

Home » Imported messages » comp.lang.php » FORMS, validating mail was sent

Show: Today's Messages :: Polls :: Message Navigator

Re: FORMS, validating mail was sent [message #181873 is a reply to message #181871]

Thu, 20 June 2013 21:03

Jerry Stuckle
Messages: 2598
Registered: September 2010

Karma:

Senior Member

On 6/20/2013 4:46 PM, Gordon Burditt wrote:
>> I'm a PHP near-newbie working fairly successfully on creating a secure
>> PHP e-mail (mail()) function. It occurs to me that the only way a user
>> knows (thinks) a form has been sent, is that I tell him so either in a
>> line of code or with a Thank You page.
>
> Since you're a near-newbie, please save the world from having to
> block email from your server, and DO NOT put any variables in email
> headers, DO NOT put any variables from the user in email headers,
> and DO NOT put any variables set in your form in email headers.
> Put them in the body of the mail.
>
> Wrong: From: $email
> Right: From: www-data(at)myserver(dot)hostingco(dot)com
>
> Some servers are going to require that (a) the From: address is
> local, (b) the From: address is a valid local user, and perhaps (c)
> the user name must match the user id of the code that called the
> MTA. In other words, there might be only one correct From: line
> you're allowed to use.
>
> (For a mailing list to customers, you're stuck with a variable
> in the To:, Cc:, or Bcc: headers. )
>
> Wrong: Subject: Contact form from $email
> Right: Subject: Contact form - read body to tell who it's from.
>
> Wrong: Subject: Order for $itemname
> Right: Subject: Order
>
>
>
> (Consider what happens if $email='me(at)gmail(dot)com\rCc: victim1(at)gmail(dot)com,
> victim2(at)gmail(dot)com, victim3(at)gmail(dot)com, ..., victim99(at)gmail(dot)com', and
> $address (used in the body) contains a 5-page-long ad for body part
> enlargement)
>

I will agree not to put UNVALIDATED data in the Subject: line. But
proper validation of the data will solve this problem.

I do agree not to put user-supplied data in the To: or From: fields.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================

Report message to a moderator

[Message index]

		FORMS, validating mail was sent By: bill on Thu, 20 June 2013 17:40
		Re: FORMS, validating mail was sent By: Jerry Stuckle on Thu, 20 June 2013 17:53
		Re: FORMS, validating mail was sent By: J.O. Aho on Thu, 20 June 2013 18:18
		Re: FORMS, validating mail was sent By: The Natural Philosoph on Thu, 20 June 2013 18:24
		Re: FORMS, validating mail was sent By: Jerry Stuckle on Thu, 20 June 2013 18:40
		Re: FORMS, validating mail was sent By: gordonb.vb4vo on Thu, 20 June 2013 19:44
		Re: FORMS, validating mail was sent By: The Natural Philosoph on Thu, 20 June 2013 21:03
		Re: FORMS, validating mail was sent By: bill on Fri, 21 June 2013 18:06
		Re: FORMS, validating mail was sent By: bill on Sat, 22 June 2013 15:42
		Re: FORMS, validating mail was sent By: Thomas 'PointedEars' on Sun, 23 June 2013 11:13
		Re: FORMS, validating mail was sent By: The Natural Philosoph on Sun, 23 June 2013 11:22
		Re: FORMS, validating mail was sent By: bill on Sun, 23 June 2013 17:07
		Re: FORMS, validating mail was sent By: bill on Sun, 23 June 2013 17:00
		Re: FORMS, validating mail was sent By: J.O. Aho on Sun, 23 June 2013 18:22
		Re: FORMS, validating mail was sent By: bill on Sun, 23 June 2013 18:53
		Re: FORMS, validating mail was sent By: gordonb.4qaft on Mon, 24 June 2013 19:43
		Re: FORMS, validating mail was sent By: Peter H. Coffin on Mon, 24 June 2013 20:09
		Re: FORMS, validating mail was sent By: Thomas 'PointedEars' on Tue, 25 June 2013 13:19
		Re: FORMS, validating mail was sent By: Jerry Stuckle on Tue, 25 June 2013 14:11
		Re: FORMS, validating mail was sent By: bill on Tue, 25 June 2013 15:43
		Re: FORMS, validating mail was sent By: bill on Tue, 25 June 2013 15:32
		Re: FORMS, validating mail was sent By: gordonb.htsnc on Thu, 27 June 2013 15:57
		Re: FORMS, validating mail was sent By: Thomas 'PointedEars' on Thu, 27 June 2013 19:13
		Re: FORMS, validating mail was sent By: Arno Welzel on Fri, 28 June 2013 09:43
		Re: FORMS, validating mail was sent By: gordonb.k0cb7 on Thu, 20 June 2013 20:46
		Re: FORMS, validating mail was sent By: Jerry Stuckle on Thu, 20 June 2013 21:03
		Re: FORMS, validating mail was sent By: gordonb.udxst on Sat, 22 June 2013 00:26
		Re: FORMS, validating mail was sent By: Jerry Stuckle on Sat, 22 June 2013 00:36
		Re: FORMS, validating mail was sent By: bill on Sat, 22 June 2013 16:04
		Re: FORMS, validating mail was sent By: Christoph Michael Bec on Thu, 20 June 2013 21:39
		Re: FORMS, validating mail was sent By: Tim Streater on Fri, 21 June 2013 09:11
		Re: FORMS, validating mail was sent By: The Natural Philosoph on Fri, 21 June 2013 10:25
		Re: FORMS, validating mail was sent By: Tim Streater on Fri, 21 June 2013 11:27
		Re: FORMS, validating mail was sent By: The Natural Philosoph on Fri, 21 June 2013 16:59
		Re: FORMS, validating mail was sent By: Tim Streater on Fri, 21 June 2013 17:25
		Re: FORMS, validating mail was sent By: The Natural Philosoph on Fri, 21 June 2013 22:43
		Re: FORMS, validating mail was sent By: Tim Streater on Sat, 22 June 2013 12:45
		Re: FORMS, validating mail was sent By: bill on Sat, 22 June 2013 16:20
		Re: FORMS, validating mail was sent By: Peter H. Coffin on Thu, 20 June 2013 22:27
		Re: FORMS, validating mail was sent By: The Natural Philosoph on Fri, 21 June 2013 06:57
		Re: FORMS, validating mail was sent By: bill on Sat, 22 June 2013 16:02
		Re: FORMS, validating mail was sent By: GravyCode on Fri, 21 June 2013 18:30

Previous Topic:	strange one
Next Topic:	how to change old ereg?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Wed Jun 26 13:00:08 GMT 2024

Total time taken to generate the page: 0.04659 seconds