Sorry, assume $email_address is already set - it's me,
'brian@xxxxxxxxxxxxxxxx'.
My typo on the '\r\n' should be "\r\n".
I created a simple mail form and am blocking SMTP injections like
this. Seems like it ought to be 100% foolproof, AFAIK you can't
complete and SMTP injection with a Content-Type header in there. Any
opinions?
$body = 'Name: '.$_POST['name'].'\r\n';
$body = $body.'Phone: '.$_POST['phone'].'\r\n';
$body = $body.'Email: '.$_POST['email'].'\r\n';
$body = $body.'Comment: '.$_POST['comment'];
if(!strpos(strtolower($body), 'content-type')) {
mail($email_address, "Site Feedback", $body, "From:
".$email_address);
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
