</tr>
</table>
<p>The problem with the code above is that unauthorized users can insert data into the 
mail headers via the input form.</p>
<p>What happens if the user adds the following text to the email input field in 
the form?</p>
<table class="ex" cellspacing="0" border="1" width="100%" id="table4">
  <tr>
    <td>
    <pre>someone@example.com%0ACc:person2@example.com
%0ABcc:person3@example.com,person3@example.com,
anotherperson4@example.com,person5@example.com
%0ATo:person6@example.com</pre>
    </td>
</tr>
</table>
<p>The mail() function puts the text above into the mail headers as usual, and now the 
header has an extra Cc:, Bcc:, and To: field. When the user clicks the submit 
button, the e-mail will be sent to all of the addresses above!</p>
<hr />

<h2>PHP Stopping E-mail Injections</h2>
<p>The best way to stop e-mail injections is to validate the input.</p>
<p>The code below is the same as in the previous chapter, but now we have added an input validator 
that checks the email field in the form:</p>
<table width="100%" border="1" class="ex" cellspacing="0"><tr><td>
<pre>&lt;html&gt;
&lt;body&gt;
&lt;?php
function spamcheck($field)
  {
  //filter_var() sanitizes a copy of the e-mail
  //address using FILTER_SANITIZE_EMAIL
  $clean=filter_var($field, FILTER_SANITIZE_EMAIL);
  
  //the input is accepted only if sanitizing did not
  //change it (no line breaks or other illegal characters)
  //and FILTER_VALIDATE_EMAIL accepts it
  if($clean===$field &amp;&amp; filter_var($field, FILTER_VALIDATE_EMAIL))
    {
    return TRUE;
    }
  else
    {
    return FALSE;
    }
  }</pre>
<pre>if (isset($_REQUEST['email']))
  {//if &quot;email&quot; is filled out, proceed</pre>
<pre>  //check if the email address is invalid
  $mailcheck = spamcheck($_REQUEST['email']);
  if ($mailcheck==FALSE)
    {
    echo &quot;Invalid input&quot;;
    }
  else
    {//send email
    $email = $_REQUEST['email'] ; 
    $subject = $_REQUEST['subject'] ;
    $message = $_REQUEST['message'] ;
    //the second argument of mail() is the subject text itself
    mail(&quot;someone@example.com&quot;, $subject,
    $message, &quot;From: $email&quot; );
    echo &quot;Thank you for using our mail form&quot;;
    }
  }
else
  {//if &quot;email&quot; is not filled out, display the form
  echo &quot;&lt;form method='post' action='mailform.php'&gt;
  Email: &lt;input name='email' type='text' /&gt;&lt;br /&gt;
  Subject: &lt;input name='subject' type='text' /&gt;&lt;br /&gt;
  Message:&lt;br /&gt;
  &lt;textarea name='message' rows='15' cols='40'&gt;
  &lt;/textarea&gt;&lt;br /&gt;
  &lt;input type='submit' /&gt;
  &lt;/form&gt;&quot;;
  }
?&gt;</pre>
<pre>&lt;/body&gt;
&lt;/html&gt;</pre>
</td></tr></table>

<p>In the code above we use PHP filters to validate input:</p>
<ul>
	<li>The FILTER_SANITIZE_EMAIL filter removes all illegal e-mail characters 
	from a string</li>
	<li>The FILTER_VALIDATE_EMAIL filter validates the value as an e-mail address</li>
</ul>
<p>You can read more about filters in our <a href="php_filter.asp">PHP Filter</a> 
chapter.<br /></p>
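<p>The check described above as a stand-alone script, an added example that is not part of the original tutorial: it validates the exact string that will be placed in the From header, and reports how many header lines each value would produce. The function names <code>safe_from_address()</code> and <code>header_line_count()</code> and the sample inputs are assumptions made for illustration.</p>

```php
<?php
// Added example, not W3Schools code. safe_from_address() and
// header_line_count() are hypothetical helper names.

// Return the address if it is safe to place in a header, otherwise null.
function safe_from_address($input)
{
    if (!is_string($input)) {
        return null;
    }
    // Reject ASCII control characters outright; CR and LF are what
    // end one header line and start the next.
    if (preg_match('/[\x00-\x1F\x7F]/', $input)) {
        return null;
    }
    // Sanitizing must not change the value: validate the exact string
    // that will be sent, not a cleaned-up copy of it.
    if (filter_var($input, FILTER_SANITIZE_EMAIL) !== $input) {
        return null;
    }
    if (filter_var($input, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $input;
}

// Count the header lines a value would produce in "From: <value>".
function header_line_count($value)
{
    return count(preg_split('/\r\n|\r|\n/', "From: " . $value));
}

// Constructed sample inputs (form values after URL decoding).
$samples = array(
    "someone@example.com",
    "someone@example.com\nCc:person2@example.com",
    "someone@example.com\r\nBcc:person3@example.com",
    "not an address",
);

foreach ($samples as $raw) {
    $safe = safe_from_address($raw);
    printf("%-50s lines=%d  %s\n",
        json_encode($raw),
        header_line_count($raw),
        $safe === null ? "rejected" : "accepted");
}
```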
<hr />


</td></tr>

<tr><td>
<p>W3Schools provides material for training only. We do not warrant the correctness of its contents.
The risk from using it lies entirely with the user.
While using this site, you agree to have read and accepted our
<a href="../about/about_copyright.asp">terms of use</a> and
<a href="../about/about_privacy.asp">privacy policy</a>.
</p>
<p><a href="../about/about_copyright.asp">Copyright 1999-2008</a> by Refsnes Data. All Rights Reserved.</p>
</td></tr>
</table>
</td>


</tr></table>

</body>
</html>
