NYCPHP Meetup

[nycphp-talk] Preventing spam with php mail function

Daniel Convissor danielc at analysisandsolutions.com
Sat Feb 25 21:47:39 EST 2006


On Thu, Feb 23, 2006 at 05:19:33PM -0500, Hans Zaunere wrote:
> 
> http://www.nyphp.org/phundamentals/email_header_injection.php

Pardon my dissent, but that article has flaws.  I've mentioned them before 
on several occasions.  But let's cut to the chase.  The quick, guaranteed 
way to avoid header injection is to pass all email headers through the 
following:

   $value = preg_replace("/[\r\n]+/", "\r\n ", trim($value));

There's a whole thread about this stuff, of which this is one:
http://lists.nyphp.org/pipermail/talk/2005-September/016172.html

--Dan

-- 
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
                http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409



More information about the talk mailing list