
I am busy creating a basic PHP mailer script that posts to _self and emails to an address.

Is the script secure?

How can I avoid someone clicking on submit the whole time to spam the mailbox, with minimal extra code?

<?php
// Mail header removal
function remove_headers($string) {
   $headers = array(
      "/to\:/i",
      "/from\:/i",
      "/bcc\:/i",
      "/cc\:/i",
      "/Content\-Transfer\-Encoding\:/i",
      "/Content\-Type\:/i",
      "/Mime\-Version\:/i"
   );
   $string = preg_replace($headers, '', $string);
   return strip_tags($string);
}

$to      = "[email protected]";
$subject = "Sent from site";

// Read and clean the posted fields only once the form has been submitted;
// on the first (GET) request $_POST is empty and these indexes are undefined.
if (isset($_POST['submit']))
{
   $uname    = remove_headers($_POST['fname']);
   $uemail   = remove_headers($_POST['femail']);
   $umessage = remove_headers($_POST['fmessage']);
   $umessage = "Name : " . $uname . " Email : " . $uemail . " Message : " . $umessage;

   mail($to, $subject, $umessage, "From: [email protected]");
}

?>

<div id="mailer" >
  <h1>Message</h1>
  <form name="test" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<p>Your Name:</p>
<input type="text" size="20" name="fname"><br><br>
<p>Your Email:</p>
<input type="text" size="20" name="femail"><br><br>
<p>Your Message:</p>
<textarea name="fmessage" rows="4" cols="20"></textarea><br><br>
<input type="submit" name="submit" value="Send Message">
  </form>
  <?php if(isset($_POST['submit']))
  {
   echo "<p>Sent. We will be in contact shortly.</p>";
  } ?>

  </div>

1 Answer


You're using the email sanitize filter on each field; you need to use FILTER_SANITIZE_STRING for the name and FILTER_SANITIZE_FULL_SPECIAL_CHARS for the message field.

Sanitizing is not the same as validating...

VALIDATE Filters

SANITIZE filters

  • If I understand correctly, I only want sanitize. Don't care about validation for now. Commented Mar 9, 2012 at 5:52
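The following is an added example, not the asker's script and not code from the answer. It puts the answer's distinction into working form (validate means reject bad input, sanitize means make accepted input safe for one output context), replaces the question's header-keyword blocklist with a check for the line break every injected header needs, and adds the per-session throttle the question asks for. It assumes the question's field names (fname, femail, fmessage), a placeholder From address (noreply@example.com) and a constructed 60-second limit; FILTER_SANITIZE_STRING, which the answer names, is deprecated since PHP 8.1, so strip_tags plus a control-character strip stands in for it.

```php
<?php
// Added example (not the asker's or the answer's code). Assumes the question's
// form field names; the From address and the 60 s limit are placeholders.
declare(strict_types=1);

const MIN_SECONDS_BETWEEN_MAILS = 60; // assumed value; tune per site

// Validate: the address is well-formed or the submission is rejected.
// FILTER_VALIDATE_EMAIL also refuses CR/LF, so the result is safe in Reply-To.
function validate_email(string $raw): ?string
{
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// mail() builds its header block from its fourth argument, so a CR or LF in a
// value placed there ends the current line and whatever follows is read as a
// new header. remove_headers() in the question blocks a list of header names;
// rejecting the line break itself is the complete rule.
function contains_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Sanitize for the mail body: strip tags and control characters, cap length.
function sanitize_name(string $raw): string
{
    $name = preg_replace('/[\x00-\x1F\x7F]/', '', strip_tags(trim($raw)));
    return substr($name, 0, 100);
}

// Throttle: one mail per session per MIN_SECONDS_BETWEEN_MAILS. $session is a
// reference so the same function works on $_SESSION or on a plain test array.
function throttle_allows(array &$session, int $now): bool
{
    $last = (int) ($session['last_mail_at'] ?? 0);
    if ($now - $last < MIN_SECONDS_BETWEEN_MAILS) {
        return false;
    }
    $session['last_mail_at'] = $now;
    return true;
}

// Runs every check on a $_POST-shaped array; returns cleaned fields or errors.
// Validation runs first so that a rejected submission never consumes the
// throttle slot; the throttle runs last.
function prepare_submission(array $post, array &$session, int $now): array
{
    foreach (['fname', 'femail', 'fmessage'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return ['ok' => false, 'errors' => ["missing field: $field"]];
        }
    }
    $errors = [];
    $email  = validate_email($post['femail']);
    if ($email === null) {
        $errors[] = 'invalid e-mail address';
    }
    if (contains_line_break($post['fname'])) {
        $errors[] = 'line break in name';
    }
    if ($errors) {
        return ['ok' => false, 'errors' => $errors];
    }
    if (!throttle_allows($session, $now)) {
        return ['ok' => false, 'errors' => ['too many messages; try again later']];
    }
    $message = substr(trim($post['fmessage']), 0, 5000);
    return [
        'ok'           => true,
        'name'         => sanitize_name($post['fname']),
        'email'        => $email,
        'message'      => $message, // plain text, for the mail body
        // HTML-encoded copy for echoing back on the page: in that context
        // encoding, not stripping, is what keeps markup inert.
        'message_html' => filter_var($message, FILTER_SANITIZE_FULL_SPECIAL_CHARS),
    ];
}

// Only fixed strings and validated values reach the header argument.
function send_contact_mail(array $prepared, string $to): bool
{
    $body    = "Name: {$prepared['name']}\nEmail: {$prepared['email']}\n\n{$prepared['message']}";
    $headers = "From: noreply@example.com\r\nReply-To: {$prepared['email']}";
    return mail($to, 'Sent from site', $body, $headers);
}

// Constructed sample submissions (not real traffic); run with `php this_file.php`.
$session = [];
$fine    = ['fname' => ' Alice <b>Smith</b> ', 'femail' => 'alice@example.com', 'fmessage' => 'Hi <script>x</script>'];
$forged  = ['fname' => "Bob\r\nBcc: other@example.com", 'femail' => 'not-an-address', 'fmessage' => 'hi'];
var_dump(prepare_submission($fine, $session, 1000));   // ok; name "Alice Smith", message_html encoded
var_dump(prepare_submission($forged, $session, 1000)); // errors: invalid e-mail, line break in name
var_dump(prepare_submission($fine, $session, 1030));   // throttled: second mail within 60 s
```

In the real page the calls become `prepare_submission($_POST, $_SESSION, time())` after `session_start()`, followed by `send_contact_mail()` only when `ok` is true; the session-based limit is the minimal-code answer to repeated clicks from one browser, and a per-IP counter or a CAPTCHA is the next step if a sender simply clears cookies.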
