On Tue, Jan 17, 2012 at 2:34 AM, marco@xxxxxxxxxx <marco@xxxxxxxxxx> wrote: > You should not write the recipients email address in a hidden form, but instead > read it from a config file. This way you can make sure, that no one alters it. > Although this won't stop anyone from using the mailform. Cannot emphasize this enough -- don't allow anyone to submit the destination addresses to your script. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
