* Thus wrote Brian Dunning:
> Developing on a Windows server to be deployed on Linux. I get "SMTP 
> server response: 501 Bad address syntax." Here's my code:
> 
> $mail_from = 'My Name <[EMAIL PROTECTED]>';
> $mail_server = 'mail.servername.com';     // This is hosted externally
> ini_set("SMTP", $mail_server);
> ini_set("sendmail_from", $mail_from);
> $mail_to = "$first_name $last_name <$email>";


I know this isn't going to help your problem but...

you should quote this mail_to:

$mail_to = '"' . 
     str_replace($first_name, '"', '\"') . ' ' .
     str_replace($last_name, '"', '\"') . '" ' .
     <$email>";

It will prevent 'To' injection:

$last_name = "<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,";

without it:
To: <[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>

with quoted:
To: "<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>," <[EMAIL PROTECTED]>

With the latter only sending one email verses however many one
person whishes.



Curt
-- 
First, let me assure you that this is not one of those shady pyramid schemes
you've been hearing about.  No, sir.  Our model is the trapezoid!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to