Nov 12, 2014 00:07
I'm trying to write a sendmail routine for online contact email forms that will avoid code injection.
I've been a bit slack in the past when it comes to this sort of thing which inevitably someone eventually has a go at injecting code sooner or later. So I thought it time I did something about it.
This is my attempt, any comments or advice would be greatly appreciated.
I think it may just do the job as is so far.
I know my code is not exactly elegent, but i'm an amature and it just has to do the job.
Mail Sent!
";
echo "To: $to
";
echo "From: $from
";
echo "Subject: $subject
";
echo "Message:
";
echo $message;
} else {
echo "There was an error...";
}
}else{
die("Direct access not allowed");
}
?>