Member
Hi friends,
Last time your help was seriously appreciable.!! Extremely thanks for that. Now I want some more help from you guys.!! I am now working on an E-Mail Injections in PHP. I am not getting it properly, neither I am not getting the proper code for that. Please tell me what are an E-mail Injections in PHP? If possible, also provide me some coding for that.!! Expecting some help sooner.!!
Member
The e-mail injection is a security vulnerability that allows malicious users to send e-mail messages using someone else's server without prior authorization. You must be sure your forms are not vulnerable to mail injection if you want to prevent your server from being used for spam without your knowledge. PHP’s inbuilt mail() function provides very limited mail functionality. When a form is added to a Web page that submits data to a Web application, a malicious user may exploit the MIME format to append additional information to the message being sent.
IF you hate me, please don't mention it. I know who hates me and who doesn't. You really do not have to make fun of people....
Member
I think that before learning how e-mail injection works, you should take a look on how the php mail() function works. The following is the basic sample of coding of this function :
By using the above coding, there are chances of the spammers to get in to your form. this may cause trouble for the web page. To avoid this scene, it is better to use the email injections in your coding.PHP Code:<?php maildemo($recipient,$subject,$message,$headers); ?>
"When they give you ruled paper, write the other way..." J.R.J.
Member
I think that looking at the following code, you can understand more better about an injections that are used in coding. The following code explains the same :
PHP Code:<?php $subject="URL of your Web Site";
$message="Hi Everyone";
if (!isset($_POST["send"])){
?>
<form method="POST" action="<?=$_SERVER['PHP_SELF'];?>">
To: <input type="text" name="recipient">
From: <input type="text" name="sender">
<input type="submit" name="send" value="Send">
</form>
<?php
} else {
$from=$_POST['sender'];
$to=$_POST['recipient'];
if (mail($to,$subject,$message,"From: $from\n")){
echo "Mail sent successfully to $to.";
} else {
echo "Shits ! Sending failed.";
}
}
?>
Member
The best way to stop e-mail injections is to validate the input. The following code explains that in much better way :
PHP Code:<html>
<body>
<?php
function spamcheck($field)
{
$field=filter_var($field, FILTER_SANITIZE_EMAIL);
if(filter_var($field, FILTER_VALIDATE_EMAIL))
{
return TRUE;
}
else
{
return FALSE;
}
}
if (isset($_REQUEST['email']))
{
$mailcheck = spamcheck($_REQUEST['email']);
if ($mailcheck==FALSE)
{
echo "Invalid input";
}
else
{//send email
$email = $_REQUEST['email'] ;
$subject = $_REQUEST['subject'] ;
$message = $_REQUEST['message'] ;
mail("someone@example.com", "Subject: $subject",
$message, "From: $email" );
echo "Thank you for using our mail form";
}
}
else
{
echo "<form method='post' action='mailform.php'>
Email: <input name='email' type='text' /><br />
Subject: <input name='subject' type='text' /><br />
Message:<br />
<textarea name='message' rows='15' cols='40'>
</textarea><br />
<input type='submit' />
</form>";
}
?>
</body>
</html>
Posting Permissions
Reply With Quote
Bookmarks