
I am busy creating a basic PHP mailer script that posts to _self and emails to an address.

Is the script secure?

How can I avoid someone clicking on submit the whole time to spam the mailbox, with minimal extra code?

<?php
// Mail header removal: strip header-like tokens from user input so it
// cannot be used to inject extra mail headers, then drop any HTML tags.
function remove_headers($string) {
   $headers = array(
      "/to\:/i",
      "/from\:/i",
      "/bcc\:/i",
      "/cc\:/i",
      "/Content\-Transfer\-Encoding\:/i",
      "/Content\-Type\:/i",
      "/Mime\-Version\:/i"
   );
   $string = preg_replace($headers, '', $string);
   return strip_tags($string);
}

$to      = "[email protected]";
$subject = "Sent from site";

// Only read the fields and send when the form was actually submitted;
// reading $_POST on the initial GET raises undefined-index notices.
if (isset($_POST['submit']))
{
   $uname    = remove_headers($_POST['fname']);
   $uemail   = remove_headers($_POST['femail']);
   $umessage = remove_headers($_POST['fmessage']);
   $umessage = "Name : " . $uname . " Email : " . $uemail . " Message : " . $umessage;

   // From is a fixed site address, so user input never reaches the headers.
   mail($to, $subject, $umessage, "From: [email protected]");
}
?>

<div id="mailer">
  <h1>Message</h1>
  <form name="test" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
    <p>Your Name:</p>
    <input type="text" size="20" name="fname"><br><br>
    <p>Your Email:</p>
    <input type="text" size="20" name="femail"><br><br>
    <p>Your Message:</p>
    <textarea name="fmessage" rows="4" cols="20"></textarea><br><br>
    <input type="submit" name="submit" value="Send Message">
  </form>
  <?php if (isset($_POST['submit']))
  {
     echo "<p>Sent. We will be in contact shortly.</p>";
  } ?>
</div>

1 Answer

You're using the email sanitize filter on each field; you need to use FILTER_SANITIZE_STRING for the name and FILTER_SANITIZE_FULL_SPECIAL_CHARS for the message field.

Sanitizing is not the same as validating...

VALIDATE Filters

SANITIZE filters

If I understand correctly, I only want to sanitize. Don't care about validation for now. –  sas Mar 9 '12 at 5:52
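Putting the answer's sanitize/validate distinction and the question's anti-spam request together, here is a hardened version of the mailer as an added example. It is not the asker's or the answerer's code. It keeps the question's field names (fname, femail, fmessage, submit); the honeypot field "website", the "token" field, the session keys, the 60-second limit, the example.com placeholder addresses and the PHP 7+ requirement are assumptions made for illustration.

```php
<?php
// Added example: hardened variant of the question's mailer (not the asker's
// or answerer's code). Assumed: PHP 7+, sessions available, the field names
// "website" and "token", the session keys below, the 60-second limit and the
// example.com placeholder addresses.
session_start();

const MIN_SECONDS_BETWEEN_MAILS = 60;
const MAIL_TO   = 'you@example.com';      // placeholder
const MAIL_FROM = 'noreply@example.com';  // placeholder, always a site address

// Sanitize and validate the posted fields. Returns an array of clean values
// on success, or a string describing why the submission was rejected.
function validate_contact_form(array $post)
{
    // Honeypot: hidden from humans, so a filled-in value means a bot.
    if (!empty($post['website'])) {
        return 'Rejected.';
    }
    $name    = filter_var($post['fname']    ?? '', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
    $email   = filter_var($post['femail']   ?? '', FILTER_VALIDATE_EMAIL);
    $message = filter_var($post['fmessage'] ?? '', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

    // FILTER_VALIDATE_EMAIL returns false unless the input is one well-formed
    // address; CR/LF never pass, so the value is safe to place in a header.
    if ($email === false) {
        return 'Please enter a valid email address.';
    }
    if (trim($name) === '' || trim($message) === '') {
        return 'Name and message are required.';
    }
    // Sanitizing keeps line breaks; refuse them in the single-line field
    // rather than blacklisting header names inside it.
    if (preg_match('/[\r\n]/', $name)) {
        return 'Name must be a single line.';
    }
    return ['name' => $name, 'email' => $email, 'message' => $message];
}

// Per-session rate limit: true if this session sent a message less than
// MIN_SECONDS_BETWEEN_MAILS seconds ago.
function rate_limited()
{
    return isset($_SESSION['last_mail'])
        && time() - $_SESSION['last_mail'] < MIN_SECONDS_BETWEEN_MAILS;
}

$status = '';
if (isset($_POST['submit'])) {
    // Anti-CSRF token issued with the form below; hash_equals avoids timing leaks.
    if (!isset($_POST['token'], $_SESSION['token'])
        || !hash_equals($_SESSION['token'], (string) $_POST['token'])) {
        $status = 'Invalid form token. Please reload the page and try again.';
    } elseif (rate_limited()) {
        $status = 'Please wait a minute before sending another message.';
    } else {
        $result = validate_contact_form($_POST);
        if (is_string($result)) {
            $status = $result;
        } else {
            $body = "Name: {$result['name']}\nEmail: {$result['email']}\n\n{$result['message']}\n";
            // From stays a fixed site address; the visitor's validated address
            // goes in Reply-To so a reply still reaches them.
            $headers = 'From: ' . MAIL_FROM . "\r\nReply-To: {$result['email']}";
            if (mail(MAIL_TO, 'Sent from site', $body, $headers)) {
                $_SESSION['last_mail'] = time();
                $status = 'Sent. We will be in contact shortly.';
            } else {
                $status = 'Sorry, the message could not be sent.';
            }
        }
    }
}
// Fresh token for the next submission.
$_SESSION['token'] = bin2hex(random_bytes(16));
?>
<div id="mailer">
  <h1>Message</h1>
  <?php if ($status !== '') { echo '<p>' . htmlspecialchars($status) . '</p>'; } ?>
  <form name="test" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
    <input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
    <!-- Honeypot: hidden by CSS and left empty by humans -->
    <div style="display:none"><input type="text" name="website" autocomplete="off"></div>
    <p>Your Name:</p>
    <input type="text" size="20" name="fname"><br><br>
    <p>Your Email:</p>
    <input type="text" size="20" name="femail"><br><br>
    <p>Your Message:</p>
    <textarea name="fmessage" rows="4" cols="20"></textarea><br><br>
    <input type="submit" name="submit" value="Send Message">
  </form>
</div>
```

Two caveats. FILTER_SANITIZE_STRING, which the answer suggests for the name, is deprecated as of PHP 8.1, so the example uses FILTER_SANITIZE_FULL_SPECIAL_CHARS for both text fields; because that filter entity-encodes for HTML output, a plain-text mail body will show `&amp;` and friends unless you run html_entity_decode() on the values before building it. The session-based limit only slows down a client that keeps its cookie; a bot that discards cookies gets a fresh session each request, so a serious spam problem still needs an IP-based limit at the web server or a CAPTCHA in front of mail().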
