From: <>

D
Hi,

I have created a contact form in php for contact information and have
made the e-mail a required field (requires you to input at least the
"@")

It works fine, but every once in a while I get blank e-mails with this
in the "from" field:

From: <>
Anyone have any idea how someone could have sent the form and make it
appear like that?

Thanks in advance.

Dec 7 '06 #1
"D" <da*******@hotmail.com> wrote in message
news:11**********************@j72g2000cwa.googlegroups.com...
> Hi,
>
> I have created a contact form in php for contact information and have
> made the e-mail a required field (requires you to input at least the
> "@")
>
> It works fine, but every once in a while I get blank e-mails with this
> in the "from" field:
>
> From: <>
> Anyone have any idea how someone could have sent the form and make it
> appear like that?
>
> Thanks in advance.

I'm not sure why the blank "from" field is sneaking through, but a slightly
more robust validation will prevent it. There are plenty of regular
expression patterns around that would do the job nicely.
Dec 7 '06 #2
D wrote:
> Hi,
>
> I have created a contact form in php for contact information and have
> made the e-mail a required field (requires you to input at least the
> "@")
>
> It works fine, but every once in a while I get blank e-mails with this
> in the "from" field:
>
> From: <>
> Anyone have any idea how someone could have sent the form and make it
> appear like that?
>
> Thanks in advance.

How are you validating the field? If you're using javascript, perhaps
they have it disabled. If you're using PHP, perhaps you have a security
hole - for instance, do you check your Subject line for the presence of
newline characters?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Dec 7 '06 #3
D
I am using php. This is my script:

<?php

/* PHP Document */

/* Define where the e-mail goes, and the subject */

define ('MAILTO', 'm******@somewhere.com');
define ('MAILSUBJECT', 'Contact Form');

define ('REDIRECT', 'http://www.google.com');
/* Define the e-mail header */

$headers = "From: {$_POST['name']} <{$_POST['email']}>\r\n" .
"Content-Type: text/plain; charset=\"iso-8859-1\"";

/* Capture the form values */

$message = <<<EOM
Contact form:

Name: {$_POST['name']}
E-mail: {$_POST['email']}

Phone: {$_POST['phone']}

Address:
{$_POST['address']}
{$_POST['city']} {$_POST['state']} {$_POST['zip']}

Comments:
{$_POST['comments']}

EOM;

mail (MAILTO, MAILSUBJECT, $message, $headers);
header ('Location: ' . REDIRECT);

?>

Dec 7 '06 #4
D wrote:
> I am using php. This is my script:
>
> <?php
>
> /* PHP Document */
>
> /* Define where the e-mail goes, and the subject */
>
> define ('MAILTO', 'm******@somewhere.com');
> define ('MAILSUBJECT', 'Contact Form');
>
> define ('REDIRECT', 'http://www.google.com');
> /* Define the e-mail header */
>
> $headers = "From: {$_POST['name']} <{$_POST['email']}>\r\n" .
> "Content-Type: text/plain; charset=\"iso-8859-1\"";
>
> /* Capture the form values */
>
> $message = <<<EOM
> Contact form:
>
> Name: {$_POST['name']}
> E-mail: {$_POST['email']}
>
> Phone: {$_POST['phone']}
>
> Address:
> {$_POST['address']}
> {$_POST['city']} {$_POST['state']} {$_POST['zip']}
>
> Comments:
> {$_POST['comments']}
>
> EOM;
>
> mail (MAILTO, MAILSUBJECT, $message, $headers);
> header ('Location: ' . REDIRECT);
>
> ?>

This is a very insecure script. You are not doing any validation on any
of the fields. Rather, you're just taking whatever the user inputs and
putting it in your form.

As soon as spammers find this page, they will be able to take advantage
of it to send thousands or millions of spam messages from your site. I'm
sure that won't make you very popular with your hosting service.

I'd suggest you drop this one and get one of the more recent form mail
scripts. Most have decent validation in their scripts.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Dec 7 '06 #5
..oO(D)
>$headers = "From: {$_POST['name']} <{$_POST['email']}>\r\n" .
This line allows header injection. Never (never!) use user-submitted
data for anything without proper validation.

Micha
Dec 7 '06 #6
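
An added example, not code from any poster in this thread: one way to rewrite the script from post #4 so that empty or line-break-carrying values never reach the mail headers, which is the header injection flagged in post #6. The addresses, the redirect URL, the MAILFROM constant and the helper function names are assumptions made for illustration.

```php
<?php
// Added example: server-side validation before anything reaches a mail header.
// Addresses and URL are placeholders; function names are hypothetical.
define('MAILTO', 'owner@example.com');
define('MAILFROM', 'webform@example.com');
define('MAILSUBJECT', 'Contact Form');
define('REDIRECT', 'https://www.example.com/thanks');

// Read one POST field as a trimmed string ('' if absent or not a string,
// which covers hand-built requests with email[]=... or with no fields at all).
function field(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

// A value is safe for a mail header only if it is non-empty and has no
// CR, LF or NUL, because a line break would start a new header line.
function is_header_safe(string $value): bool
{
    return $value !== '' && !preg_match('/[\r\n\0]/', $value);
}

function reject(): void
{
    http_response_code(400);
    exit('Invalid form submission.');
}

$email = field('email');
// The check runs in PHP, so it still applies when JavaScript is disabled.
if (!is_header_safe($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    reject();
}

// Only the validated address goes into a header. The name and the other
// fields go into the body, where line breaks cannot add headers.
$headers = 'From: ' . MAILFROM . "\r\n" .
           'Reply-To: ' . $email . "\r\n" .
           'Content-Type: text/plain; charset="iso-8859-1"';

$lines = ['Contact form:', ''];
foreach (['name', 'email', 'phone', 'address', 'city', 'state', 'zip', 'comments'] as $key) {
    $lines[] = ucfirst($key) . ': ' . field($key);
}

mail(MAILTO, MAILSUBJECT, implode("\r\n", $lines), $headers);
header('Location: ' . REDIRECT);
exit;
```

With a fixed From address and the visitor's address in Reply-To, a request that omits the fields or sends them empty is rejected before mail() is called.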
