PHP Classes

filter for injection also: smtp

Recommend this page to a friend!

      MIME E-mail message sending  >  All threads  >  filter for injection also: smtp  >  (Un) Subscribe thread alerts  
Subject:filter for injection also: smtp
Summary:filter for injection also: smtp
Date:2005-10-06 01:51:40
Update:2005-10-06 04:09:18

  1. filter for injection also: smtp   Reply   Report abuse  
juglesh - 2005-10-06 01:51:40
Hello, I was wondering if I need to filter my to,from,message, etc. for
evil spam injection attacks, or does the class handle this?

Also, on a different topic, I had to use your class for what was
supposed to be a dead simple mail form: I just had to get the user's
email address, and mail a blank email to a certain address, which was
set up with an autoresponder that gave the user some info. Well, good
old mail() was not working, it would send a message to the box, (which
i tested by sending to myself), but the auto responder didnt like it, I
guess, cuz it wouldnt respond to it. I tried your class, which didnt
work in regular mode, but did work in smtp mode. Any thoughts there?

  2. Re: filter for injection also: smtp   Reply   Report abuse  
Manuel Lemos - 2005-10-06 04:09:18 - In reply to message 1 from juglesh
The class encodes all characters with a special meaning using q-encoding . This happens automatically when you use the SetHeader function.

For headers that take e-mail addresses, you need to use the SetEncodedEmailHeader if it is just one address or SetMultipleEncodedEmailHeader.

Those functions assume your e-mail addresses are valid and do not contain special characteres. Use the ValidateEmailAddress if you are not sure about whether each of the addresses is valid before you accept the addresses for sending messages with the class.

As for not mail not delivering messages properly, it can be many things, like for instance wrong line breaks in the message for your MTA, etc..