> From: "Ufuk M. Fakioglu" <[EMAIL PROTECTED]>
> Here's the piece of code that composes and sends the e-mails:
>
> $row=mysql_fetch_array($sql);
> $name=$row[1];
> $email=$row[2];
> $subject=$_POST["subject"];
Bad idea here. You're script is vulnerable to mail header injection attacks. Malicious
On Thu, 19 Aug 2004 21:33:22 +0300, Ufuk M. Fakioglu <[EMAIL PROTECTED]> wrote:
> Here's the piece of code that composes and sends the e-mails:
>
> $row=mysql_fetch_array($sql);
> $name=$row[1];
> $email=$row[2];
> $subject=$_POST["subject"];
> $msg=stripslashes($_POST["msg"]);
> $msg=str_replace(
Here's the piece of code that composes and sends the e-mails:
$row=mysql_fetch_array($sql);
$name=$row[1];
$email=$row[2];
$subject=$_POST["subject"];
$msg=stripslashes($_POST["msg"]);
$msg=str_replace("RCPT_NAME", $name, $msg);
mail($email, $subject, $msg, "From: Mozaik <[EMAIL PROTECTED]>\r\n".
3 matches
Mail list logo
