And, it makes your server an open relay for email spam.

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"malcster2" <webforumsuser@macromedia.com> wrote in message
news:g9o7tn$ij1$1@forums.macromedia.com...
> daniel, this works for me
>
> <?php
>
>
> if(isset($_POST['submit']))
> {
> $varbreak = "\n\n";
>
> mail('contact@youremailaddress', 'Subject: '.$_POST['subject'],
> $_POST['message'].$varbreak.$_POST['name'], $_POST['email']);
> unset($_POST['submit']);
>
> }
>
> ?>
>
> all you have got to do is set a form with the relevant id's, ie, subject,
> message, name and email
>

The concern is NOT spam on your email. It's that you are not preventing
email injection attacks with your simplistic approach.

http://www.nyphp.org/phundamentals/e..._injection.php

Approaches such as yours are responsible for some significant percentage of
spam email....

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"malcster2" <webforumsuser@macromedia.com> wrote in message
news:g9ohf2$s0o$1@forums.macromedia.com...
> i've had this for ages, had no spam on it yet.
>
> so what is the problem with this method?
> would you not use the mail(....) function?
>
> or is it because there is an email in the code?
>
> i actually have any mail for this address redirected to my hotmail, so
> that
> filters out any spam anyway.
>

i've had this for ages, had no spam on it yet.

so what is the problem with this method?
would you not use the mail(....) function?

or is it because there is an email in the code?

i actually have any mail for this address redirected to my hotmail, so that
filters out any spam anyway.

ha!

i thought it was to easy!!

thanks murray.

note: i just don't understand why spam is not just made illegal, across the
world, and all hackers/geeks are not stuck on a small, preferbly smelly island
somewhere!

> i just don't understand why spam is not just made illegal

It is already. Try to catch one....

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"malcster2" <webforumsuser@macromedia.com> wrote in message
news:g9oji2$106$1@forums.macromedia.com...
> ha!
>
> i thought it was to easy!!
>
> thanks murray.
>
> note: i just don't understand why spam is not just made illegal, across
> the
> world, and all hackers/geeks are not stuck on a small, preferbly smelly
> island
> somewhere!
>

.oO(malcster2)

>i've had this for ages, had no spam on it yet.
>
> so what is the problem with this method?
> would you not use the mail(....) function?

Using something like PHPMailer is safer and much more convenient. It
takes care of a lot of problems (not all, though) that may make your
application unreliable or even vulnerable. It's not only about header
injection, but also about correct header delimiters for example (\n\n is
not RFC-compliant). Not to mention the trouble you might run into if you
want to build correct multi-part messages just with mail() ...

Micha

Hey, Thanks for all the replys, I appreciate the help.
I did eventually get the form up and running with the help of a tutor.

There are 2 parts to the form code:

Now my working form looks like this:

<form method="post" action="">
<INPUT type=text name="realname" id="name-input" value="Your
Name" size="74" style="font-family: tahoma; font-size: 11px;color:#848484;
background-color:#FFFFFF; margin-left:22px; margin-top:10px;">
<INPUT type=text name="emailaddress" id="email-input" value="Your
E-mail Address" size="74" style="font-family: tahoma; font-size:
11px;color:#848484; background-color:#FFFFFF; margin-left:22px;
margin-top:4px;">
<TEXTAREA name="message" id="message-input"
style="margin-left:22px; font-family:Tahoma; font-size:11px;
margin-bottom:10px; margin-top:4px; color:#848484; background-color:#FFFFFF;
overflow:hidden; " rows=3 cols=71 >Type Your Message Here</TEXTAREA>
<div style="font-family:Tahoma; font-size:10px; color:#0086AF;
font-weight:bold; margin-left:290px;">
<input type="reset" name="Reset" id="button" value="Reset">
<input type="submit" name="button2" id="button2" value="Submit">
</div>
</form>

And there is also this code:

<?
if($_REQUEST[message]){ //This checks if the form has been submitted or not
$to="info@mysite.com"; // Modify the email address to be the email address
you want to receive the email via your form.
$from=$_REQUEST[emailaddress]; // The from variable is set by the form field
that was sent
$realname=$_REQUEST[realname];
$subject="Contact From Your Website"; // This is the subject of the message
being sent to you from your form
$message="Name: ".$_REQUEST[realname]."\n\n"."Email Address:
".$from."\n\n"."Message: ".$_REQUEST[message]; // This is the message to be
sent to you
mail($to,$subject,$message); // This is the actual sending of the email
using PHP's mail function http://us.php.net/manual/en/function.mail.php
$confirmto=$_REQUEST[emailaddress]; // The email address we'll send a
confirmation to
$confirmsubject="Your Confirmation"; // Confirmation Email Subject
$confirmfrom="noreply@mysite.com"; // Your confirming emailer address
$confirmmessage="Thank you for your email."; // Message to send to confirm
//mail($confirmto,$confirmsubject,$confirmmessage) ; // Confirmation -
uncomment this line to use it
//After the message is sent we will display a thank you message
?>
Thank you... Your message has been sent.

<? } else { // If the form has not been submitted show the form ?>