Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Khalid Hanif's Blog:
Email Header Injection in PHP
Feb 24, 2006 @ 07:10:01

In a simple example of something that could cause a lot of problems in your PHP script (and server's) life, this new post sheds some light on email header injection in PHP.

It has become apparent that spammers are getting even more smarter than we take them for. Rather than abuse open relays, which are almost non-existent, these scum-of-the-earth 'traders' are now abusing contact forms.

However, the problem isn't necessarily that they are attempting to use the contact forms. The problem that exists is that the average coder with little or no understanding of security issues can create a contact form for their website which can act as an open invitation to spammers.

tagged: email header injection web form validate email header injection web form validate