<clip> > I really dont see what anybody could gain by spamming this form but > anyway it does check to make sure the person submits something that > starts with "http" via strstr (after bringing it down to lowercase, > thats why i didnt use stristr, and because it checks just "http", > https too is allowed, i really dont think people will have much use > for FTP or other protocols here so didnt bother, it also safeguards > my server from people trying to serve up my local files).. Yeah, that's not so great: http://ezee.se/d </clip> yep, but the above url is pretty much useless, its unable to access my filesystem and does... nothing, so other than a kid (and smart ass programmers) fooling around, who would want to do soemthing like that? <clip> You could probably stop a lot of that by checking URLs against http://www.surbl.org/ before allowing them. </clip> Thanks, thats a good idea and i think i'll work with it. Cheers! R -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
