Why don't you just break the code? Before anything goes through replace colons with dashes, dashes with underscores, etc. Stuff that will not mess up readability but would prevent it from being parsed by the mail function.

On 2/6/06, Jim Moseby <JMoseby@xxxxxxxxxxxxxxxxx> wrote:
>
> > - The most foolproof solution I can think of would be to continue
> > logging the successful entries to a database and _not_ send the email.
> > That way even if they get through, no emails get sent. The form would
> > log the feedback and send an email to the admin that a comment is
> > available for viewing. Is it time to abandon using mail() for all user
> > contributed data?
> >
> I think you have hit it on the head. Don't use the mail() function at all
> in your web form. You already have in place almost everything you need to
> thwart these buggers. Just have cron kick off a script every so often
> (5,10,30 minutes?) that reads through the database for new comments, and
> mails them to the appropriate recipient(s).
>
> JM
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
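
The queue-and-cron approach described in the quoted message, as an added example that is not part of the original thread: the form handler only writes to a database, and a separate script run from cron sends mail whose headers are all constants, so form input can only ever reach the message body. The table layout, function names, addresses and the SQLite backend are assumptions made for illustration.

```php
<?php
// Added example: queue form input in a database; a cron job mails it later.
// Table name, column names and addresses are assumptions for illustration.

function open_queue(string $path): PDO {
    $db = new PDO('sqlite:' . $path);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS comments (
        id INTEGER PRIMARY KEY, sender TEXT, body TEXT, mailed INTEGER DEFAULT 0)');
    return $db;
}

// Called by the web form: stores the input, never calls mail().
function queue_comment(PDO $db, string $sender, string $body): void {
    $stmt = $db->prepare('INSERT INTO comments (sender, body) VALUES (?, ?)');
    $stmt->execute([$sender, $body]);
}

// Called from cron: every header is a constant; user data appears only in the body.
function send_pending(PDO $db, string $admin, callable $mailer): int {
    $sent = 0;
    $rows = $db->query('SELECT id, sender, body FROM comments WHERE mailed = 0')
               ->fetchAll(PDO::FETCH_ASSOC);
    $mark = $db->prepare('UPDATE comments SET mailed = 1 WHERE id = ?');
    foreach ($rows as $row) {
        $text = "From form user: {$row['sender']}\n\n{$row['body']}";
        if ($mailer($admin, 'New feedback comment', $text, 'From: webform@example.com')) {
            $mark->execute([$row['id']]);   // mark only after a successful send
            $sent++;
        }
    }
    return $sent;
}

// Constructed sample: the sender field carries an embedded line break and header text.
$db = open_queue(':memory:');
queue_comment($db, "visitor@example.com\r\nX-Injected: yes", 'Nice site.');
// Stand-in mailer that prints instead of sending; pass 'mail' to use PHP's mail().
$show = function ($to, $subject, $message, $headers) {
    echo "To: $to\n$headers\nSubject: $subject\n\n$message\n";
    return true;
};
echo send_pending($db, 'admin@example.com', $show), " message(s) sent\n";
```

In the printed output the constructed `X-Injected` text appears below the blank line that ends the headers, as part of the body the admin reads, rather than as a header of the outgoing message.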