The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

problem with form mail php

Discussion in 'E-mail Discussions' started by upsforum, May 20, 2007.

  1. upsforum

    upsforum Well-Known Member

    Joined:
    Jul 27, 2005
    Messages:
    446
    Likes Received:
    0
    Trophy Points:
    16
    I have this code for send a simple message from form in php

    if (mail ("$destinatario", "$oggetto", "$body", "From: \"$nome\" <$email>\nX-Mailer: PHP\nContent-Type: text/html") == FALSE) {

    ......


    $body, $nome and $email from $_POST variable

    the problem is that this script is very simple to use for abuse method for spam from another external website
     
  2. visiox

    visiox Well-Known Member

    Joined:
    Jan 19, 2004
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    So what is your question?

    If you are concerned about that someone could use your script with "faked" $_POST data, then don't use $_POST to get the data. (hint, mySQL)
    But what i see is a big risk at all... why are you not using a fixed sender? otherwise are you building a nice mail-relay-system.
     
Loading...

Share This Page