Re: Injection in mail()
- From: moosus <junk{@}fishingmonthly.com.au>
- Date: Fri, 24 Nov 2006 00:55:40 GMT
Flamer
- thanks 4 the reply
I do understand about code injection.
I guess the question was more "is it possible to inject onto 'string
message' parameter of the email function?
After a little bit more reading it looks like the answer is yes
cheers
in article 1164327053.961715.124960@xxxxxxxxxxxxxxxxxxxxxxxxxxxx, flamer
die.spam@xxxxxxxxxxx at die.spam@xxxxxxxxxxx wrote on 24/11/06 10:10 AM:
moosus wrote:
G'day Guys,
Do I need to worry about cleaning my $_POST[comments] field before using it
in a mail() function?
Cheers
moosus
you mean incase someone inserts malicious code into your web forms??
yes you should use striptags(), look at http://www.php.net/striptags
there are example scripts there that do a pretty good job of cleaning
anything slightly malicious - striptags on its own isnt 100% surefire.
Flamer.
.
- Follow-Ups:
- Re: Injection in mail()
- From: Michael Fesser
- Re: Injection in mail()
- References:
- Injection in mail()
- From: moosus
- Re: Injection in mail()
- From: flamer die.spam@xxxxxxxxxxx
- Injection in mail()
- Prev by Date: Re: webmaster wanted
- Next by Date: Re: Injection in mail()
- Previous by thread: Re: Injection in mail()
- Next by thread: Re: Injection in mail()
- Index(es):
