edited title
200_success

Is my PHP code vulnerable to XSS?form-to-email script

Tweeted twitter.com/#!/StackCodeReview/status/467149971561517056
deleted 20 characters in body; edited tags; edited title
Jamal

Is my PHP code vulnerable to XSS?

Someone says that my PHP code is vulnerable to XSS. I asked them what I should do to fix it, but now they don't want to help.

$action=$_REQUEST['action'];
                /* send the submitted data */
    {
    $name=$_REQUEST['name'];
    $email=$_REQUEST['email'];
    $message=$_REQUEST['message'];
    if (($name=="")||($email=="")||($message==""))
        {
        echo "All fields are required, please fill <a href=\"\">the form</a> again.";
        }
    else{        
        $from="From: $name<$email>\r\nReturn-path: $email";
        $subject="Message sent using your contact form";
        mail("[email protected]", $subject, $message, $from);
        echo "Email sent!";
        }
    }  
?> 
mccjeff

Is my PHP code vulnerable to XSS?

Someone says that my PHP code is vulnerable to XSS. I asked them what I should do to fix it, but now they don't want to help.

Here is the code:

$action=$_REQUEST['action'];
                /* send the submitted data */
    {
    $name=$_REQUEST['name'];
    $email=$_REQUEST['email'];
    $message=$_REQUEST['message'];
    if (($name=="")||($email=="")||($message==""))
        {
        echo "All fields are required, please fill <a href=\"\">the form</a> again.";
        }
    else{        
        $from="From: $name<$email>\r\nReturn-path: $email";
        $subject="Message sent using your contact form";
        mail("[email protected]", $subject, $message, $from);
        echo "Email sent!";
        }
    }  
?>