I have a "contact us" php script on my site that allows users to email
direct from the webiste.  I want to be able to pass the to address and
subject line to the script so I can call teh web page from elsewhere on the
site and have it automatically choose the correct email address and subject

EG instad of using <a href=mailto:joe@;bloggs.mail.com> which requires them
to have an email client set up on the machine I want to link to
<a href=contactus.php?email=director subject=job enquiry>
The script already handles the email=director by setting a default entry in
a drop down form but I can't get it to separate the first and second
variables in the URL.

Also is this a big security risk as I will be echoing the 2nd variable as
the contents of a form field.  Would it be possible for someone to type in
the URL with HTML/php in it that would make a mess of everything?  How can I
protect against this?  Would it be sufficient to just pase the 2nd variable
for non alphabetic characters and remove them?

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to