Posted: Tue Feb 28, 2006 6:45 am
Depends on where everything is coming from. If this is all the code there is, $recipientmail = $p_inquiry; is not validated at all. So under certain circumstances someone can send any mail to any recipient. but the way it is could be exploited ??
Checking for the length of $yourmail is good, but I should definitely add other validation methods to that as well. Check if it's a valid email address, contains newlines, etc.
JavaScript can easily be disabled, so you cannot trust that. JavaScript validation is only something you should/could add on top of the server-side validation to make the forms easier to use for regular users. (If they make a silly mistake, they don't have to wait for the server to return an error message.)
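
The server-side checks suggested in this post, as an added example that is not code from the thread: the recipient is picked from a fixed server-side list instead of being taken from $p_inquiry directly, and $yourmail is rejected if it contains a newline or is not a valid address. The recipient map, the function names and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). RECIPIENTS, has_newline() and
// validate_inquiry() are hypothetical names; addresses are placeholders.

// The form only submits a key; the real address never comes from the client.
const RECIPIENTS = [
    'sales'   => 'sales@example.com',
    'support' => 'support@example.com',
];

function has_newline(string $value): bool
{
    // A CR or LF inside a header value would let extra headers be appended.
    return preg_match('/[\r\n]/', $value) === 1;
}

function validate_inquiry(array $post): array
{
    $errors    = [];
    $yourmail  = (string)($post['yourmail'] ?? '');
    $p_inquiry = (string)($post['p_inquiry'] ?? '');

    if (!array_key_exists($p_inquiry, RECIPIENTS)) {
        $errors[] = 'unknown recipient';
    }
    if ($yourmail === '' || strlen($yourmail) > 254) {
        $errors[] = 'sender address missing or too long';
    } elseif (has_newline($yourmail)) {
        $errors[] = 'sender address contains a line break';
    } elseif (filter_var($yourmail, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'sender address is not a valid email address';
    }

    return [
        'ok'        => $errors === [],
        'errors'    => $errors,
        'recipient' => RECIPIENTS[$p_inquiry] ?? null,
    ];
}

// Constructed sample submissions: one valid, two that must be rejected.
$samples = [
    ['yourmail' => 'visitor@example.com', 'p_inquiry' => 'sales'],
    ['yourmail' => "visitor@example.com\r\nX-Test: 1", 'p_inquiry' => 'sales'],
    ['yourmail' => 'visitor@example.com', 'p_inquiry' => 'someone@example.org'],
];
foreach ($samples as $sample) {
    echo json_encode(validate_inquiry($sample)), PHP_EOL;
}
```

Only when 'ok' is true should the script go on to call mail(), using the looked-up 'recipient' value and the validated sender address.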