Re: Newbie Form Question

"Richard Lynch" <ceo@xxxxxxxxx> · Mon, 7 Aug 2006 15:58:01 -0500 (CDT)



On Mon, August 7, 2006 2:37 am, David Dorward wrote:
> Richard Lynch wrote:
>
>> <?php

switch($_REQUEST['email']){
  case 'subscribe@xxxxxxxxxxxxx':
  case 'unsubscribe@xxxxxxxxxxxxx':
    //Do nothing.
  break;
  default:
    die("Hack attempt.");
  break;
}

>>   if (isset($_REQUEST['email'])){
>>     $success = mail($_REQUEST['action'], 'un/subscribe',
>> 'un/subscribe', "From: $_REQUEST[email]\r\nReply-to:
>> $_REQUEST[email]");
>>     if ($success) echo "Status Change Sent";
>>     else echo "Unable to send Status Change";
>>   }
>> ?>
>
> What if someone submitted:
>
> action = poor_spam_victim@xxxxxxxxxxx
>
> email = you@xxxxxxxxxxx\r\n\r\nA long winded evil spam message here
>
> ?


-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php