Web-based e-mail has a back-end database application with a web-client. When 
you click the "send" button, the data you entered in your web form is submitted 
to the database server. Before transmitting data to a server, a bit of data 
validation is done to prevent accidental code errors, or malicious SQL 
injection attacks. Faulty validation is most likely what is causing your 
extraneous characters.

In the PHP language, the value you enter in your text box is sent as a string 
enclosed in single quotes. With proper validation, you can easily send the 
following string:

Carleton's letter

Without validation, the database server would think the input string ended 
with the closing ' after the n in Carleton and the next character would start 
the next command. This is how SQL injection attacks occur.

Carleton' );DELETE FROM messages.*; INSERT INTO messages(subject) VALUES('Your 
data just got deleted by us. We win.)

Obviously, you have to validate your input. If there is a mistake in how 
characters were handled in the validation, extraneous characters can occur. 
Other languages use other characters, but the concept here is the same.

--
Scott Hudnall


 
On Friday, July 18, 2008, at 09:50AM, <[EMAIL PROTECTED]> wrote:
>Has anyone else noticed this?
>
>E-mail sent from the aol.com e-mail site often has extraneous question marks 
>between sentences.
>
>E-mail sent from the yahoo.com e-mail site often has strange characters, 
>including a Euro symbol, where there would otherwise be quotation marks or 
>apostrophes.
>
>I send my e-mail from either comcast.net or (at home) from Microsoft Outlook, 
>in html, and don't notice anything amiss.
>
>Carleton
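
The quoting problem described in the reply above, as an added example that is not part of the original message: Python with an in-memory SQLite database stands in for the mail site's back end (an assumption; only the messages table name comes from the message, the rest is constructed). It shows the quoted-string query breaking on an apostrophe, and the same inputs stored verbatim when bound as a parameter.

```python
import sqlite3

def new_db():
    """In-memory database holding one existing message (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE messages (subject TEXT)")
    db.execute("INSERT INTO messages (subject) VALUES ('existing mail')")
    db.commit()
    return db

def save_unsafe(db, subject):
    """Vulnerable 'before': the value is pasted between single quotes."""
    sql = "INSERT INTO messages (subject) VALUES ('" + subject + "');"
    # executescript() accepts several statements, like a driver that
    # allows stacked queries.
    db.executescript(sql)

def save_safe(db, subject):
    """Hardened 'after': the value is bound to a placeholder, never parsed as SQL."""
    db.execute("INSERT INTO messages (subject) VALUES (?)", (subject,))
    db.commit()

def subjects(db):
    """Return every stored subject in insertion order."""
    return [row[0] for row in db.execute("SELECT subject FROM messages ORDER BY rowid")]

def run_case(save, subject):
    """Store one subject in a fresh database; report table contents and any error."""
    db = new_db()
    try:
        save(db, subject)
        error = None
    except sqlite3.Error as exc:
        error = type(exc).__name__
    return subjects(db), error

# Constructed inputs modelled on the two strings in the message above.
BENIGN = "Carleton's letter"
HOSTILE = "Carleton'); DELETE FROM messages; --"

if __name__ == "__main__":
    for label, save in (("unsafe", save_unsafe), ("safe", save_safe)):
        for subject in (BENIGN, HOSTILE):
            print(label, repr(subject), "->", run_case(save, subject))
```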
