Quote:
Originally Posted by FlexxAeon
$headers .= 'From: '.$email . "\r\n"; to
$headers .= 'From: '.$_POST['txt_email'] . "\r\n";
|
and note that you'll find yourself listed as a spammer at some point when the spambots find your form. For the "from" address they'll enter:
[email protected]
Cc: [email protected], [email protected], [email protected]...
For the from address or anything else user submitted, use only the captured text from a proper regex match on valid input.
__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids
|