> <? > $fName = $_REQUEST['fName'] ; > $emailid = $_REQUEST['emailid'] ; > $number = $_REQUEST['number'] ; > $message = $_REQUEST['message'] ; > > mail( "chris@xxxxxxxxx", $number, $message, "From: $emailid" ); > header( "Location: http://www.thankyou.com/thankYouContact.php"; ); > ?> This is a bit of a hang-up of mine so forgive me if it's mildly OT, but if you do figure out what the problem is, and fix it, you may want to revisit this code in a more extensive way, if what you've pasted above is exactly the code you use in your live application. Please ignore if you've simplified the code above for simplicity's sake. At any rate the code above is most likely vulnerable to SMTP injection, because it passes the unfiltered value of '$emailid' as part of the 'additional_headers' argument to mail(). So the form could be used to send spam to arbitrary email addresses. I'd recommend using filter_input(), with the FILTER_VALIDATE_EMAIL filter, to get at the 'emailid' parameter: http://us3.php.net/manual/en/function.filter-input.php Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
