I have been working on making my contact forms more secure.  In my research, 
the occurrence of the new line character \n at the end of the $headers variable 
in the  mail function seems to be a security risk and opens one up to injection 
of spam email.  This part I understand.  I have been unable to find out this 
same information about the message variable.

If I have a variable defining the message like this, can I use the new line 
character or am I opening myself up to more spam injection?

$usermailmsg = 
"This is the information you submitted.\n
If this is not correct, please contact us at mailto:$my_email.\n\n
Name: $name\n
Phone: $phone\n
...
Please feel free to write us with any comments or suggestions so that we may 
better serve you.\n
mailto:$my_email\n\n";

mail("$user_mail", "$subject", "$usermailmsg", "$headers");

Thanks in advance for any help.

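The distinction the question turns on, as an added example that is not part of the original post: values passed to the recipient, subject and $headers arguments of mail() are checked for CR/LF, while the message body is assembled with ordinary line breaks. The function names and sample values are hypothetical.

```php
<?php
// Added example, not the poster's code. header_safe() and build_body() are
// hypothetical helpers; the $post values are constructed sample input.

// Anything that lands in the header section (recipient, subject, $headers)
// must not contain CR or LF: a line break there ends the current header and
// lets the submitter start a new one (Bcc:, Cc:, ...).
function header_safe(string $value): string
{
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('line break in header value');
    }
    return trim($value);
}

// The body is everything after the blank line that ends the headers, so line
// breaks in it are ordinary text and cannot add headers.
function build_body(array $fields, string $contact): string
{
    $lines = ['This is the information you submitted.',
              "If this is not correct, please contact us at $contact.",
              ''];
    foreach ($fields as $label => $value) {
        // Collapse breaks in single-line fields so a submitted value cannot
        // fake extra "Label: value" lines in the message text.
        $lines[] = $label . ': ' . preg_replace('/[\r\n]+/', ' ', $value);
    }
    return implode("\r\n", $lines) . "\r\n";
}

// Constructed input: the name field carries an attempted header injection.
$post = [
    'email'   => 'visitor@example.com',
    'subject' => 'Your submission',
    'name'    => "Alice\r\nBcc: list@example.net",
    'phone'   => '555-0100',
];

try {
    $to      = header_safe($post['email']);
    $subject = header_safe($post['subject']);
    $headers = 'From: ' . header_safe('webmaster@example.com');
    $body    = build_body(['Name' => $post['name'], 'Phone' => $post['phone']],
                          'webmaster@example.com');
    // mail($to, $subject, $body, $headers);  // send once every check passed
    echo $body;
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```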