Hi,
you use
This could be eitherCode:$headers = "From: " . $your_name . "<" . $your_email . ">\n";
orCode:$headers = "Sender: <[email protected]>\n"; $headers .= "From: " . $your_name . "<" . $your_email . ">\n";
to avoid possible problems with sender verification.Code:$headers = "From: <[email protected]>\n"; $headers .= "Reply-To: " . $your_name . "<" . $your_email . ">\n";
Validating user input is a great thing: it helps stupid visitors to not enter "somebody@hotmail" as an email address and expect the dwarfs in the server room to add the ".com" part for them.
On the other side, when somebody visits your site and completes the form, SOMETHING asks for http://www.yoursite.com/movie.swf and later SOMETHING sends form data to http://www.yoursite.com/contact.php
For a legitimate visitor, it is the user's browser both times. A miscreant could use a variety of tools to send unverified form data to the same webserver
As a simple protection I tend to write
or something like thatCode:$your_email = $_GET['emailField']; if(ereg("[\r\n]", $your_email)) die("thou shalt not hack");
BTW: you should use POST in your flash and your php instead of GET
Musicman
A Flash Developer Resource Site
Reply With Quote
