Forum Moderators: coopster
<? mail( "$email", "From $friend","Hello $friendsname, $friend was on our website and thought that the information/services we offer might be of interest to you and filled in our 'Tell A Friend' form.
Example Company
www.example.com", "From: email@example.com" ); header( "Location: http://www.example.com/js/thanks.php" );?>
Apparently the email box allows comma separated email address so someone is entering 100s at a time. All it does is send my referral email to the recipient but as you can imagine there are some pretty irate people getting these emails and it's giving my company a bad name. Is there anything I can add to stop them doing this? An email character limit or something?
have you thought about using a preg_match or eregi function to look for a comma in the address field and replace it with blank so it sends the email to no one?
e.g.
$to = $_POST['mailto']; // email to send to
if(eregi(",",$to)){//if we find a comma kill the script
die('You have attempted an illegal operation');
}
else{
//looks ok so send email
//your code here
}
The above is basic so you may want to look up php functions. I think preg_match maybe quicker then eregi as well.
I take it you are filtering all input before sending it anyway?
