Securing "Tell a friend" form

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Sindarin
Forum Regular
Posts: 521
Joined: Tue Sep 25, 2007 8:36 am
Location: Greece

Post by Sindarin »

How can I secure my 'tell to a friend' form from email injection?
A client has requested this, but I am afraid to do it because the user is able to enter his own "send to" email address, which with a simple injection can result in massive spam. Please help.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Stick some filtration on the input. Simple enough.
Sindarin
Forum Regular
Posts: 521
Joined: Tue Sep 25, 2007 8:36 am
Location: Greece

Post by Sindarin »

Do you mean something like checking for valid email elements, "@" and ".com"?
I had done something like that last time with no success.
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Have a look at this: http://www.devshed.com/c/a/PHP/Email-Ad ... ith-PHP/1/

or search these boards for an email validation regular expression. There are lots of them, some better than others!
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
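
One way to apply the input filtering suggested in this thread, as an added example that is not code from any of the posters: every value that reaches a mail header is rejected if it contains a line break, and the recipient must be exactly one syntactically valid address. The function names, form field names and example.com addresses are assumptions, and the array form of the headers argument to `mail()` needs PHP 7.2 or later.

```php
<?php
// Added example; helper and field names are hypothetical.

/** True if the value contains CR, LF or NUL, the characters that let
 *  form input start a new header line (for example an extra "Bcc:"). */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/** Returns one syntactically valid address, or null. Comma-separated
 *  lists and anything carrying a line break are refused. */
function clean_address(string $input): ?string
{
    if (has_header_break($input)) {
        return null;
    }
    $addr = filter_var(trim($input), FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

function send_tell_a_friend(array $form): bool
{
    $to      = clean_address($form['friend_email'] ?? '');
    $replyTo = clean_address($form['sender_email'] ?? '');
    $name    = trim($form['sender_name'] ?? '');

    if ($to === null || $replyTo === null || $name === ''
        || strlen($name) > 60 || has_header_break($name)) {
        return false;
    }

    // From and Subject are fixed by the site, never taken from the form.
    $headers = [
        'From'         => 'noreply@example.com',
        'Reply-To'     => $replyTo,
        'Content-Type' => 'text/plain; charset=UTF-8',
    ];
    // The visitor's name only ever appears in the body, not in a header.
    $body = $name . " thought you might like this site:\nhttps://www.example.com/\n";

    return mail($to, 'A friend recommends our site', $body, $headers);
}

// Constructed inputs: the second one carries an injected Bcc header.
var_dump(clean_address('friend@example.com'));
var_dump(clean_address("friend@example.com\r\nBcc: list@example.net"));
```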