> From: "Ufuk M. Fakioglu" <[EMAIL PROTECTED]>
> Here's the piece of code that composes and sends the e-mails:
>
> $row=mysql_fetch_array($sql);
> $name=$row[1];
> $email=$row[2];
> $subject=$_POST["subject"];
Bad idea here. You're script is vulnerable to mail header injection attacks. Malicious
users can send a multi-line subject and insert additional headers and/or content into
your email messages. This will allow them to set false return paths, false content or
have your server send out spam for them. Filter any newlines from $_POST['subject']
before you use it.
> $msg=stripslashes($_POST["msg"]);
> $msg=str_replace("RCPT_NAME", $name, $msg);
> mail($email, $subject, $msg, "From: Mozaik <[EMAIL PROTECTED]>\r\n".
> "Return-Path: Mozaik <[EMAIL PROTECTED]>\r\n".
> "Content-type: text/html; charset=iso-8859-9\r\n");
>
> Could it be the SQL query returning the "nonstandard terminator"?
>
> How do I decide to use \n instead of \r\n?
Have you tried just using \n in the headers you create above? What OS are you running?
Are the error messages you're receiving from a specific OS?
This doesn't really sound like a PHP issue. More like your mail server is sending out
mail in a bad format (maybe by using \n instead of \r\n?)...
---John Holmes...
UCCASS - PHP Survey System
http://www.bigredspark.com/survey.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
