You could chat with Dave-smarty-pants-Smith, 'cause he has implemented it, but for a comprehensive anti-cross-site-scripting php script, check here: http://www.mricon.com/html/phpfilter.html
----- Original Message ----- From: "Jacob Albretsen" <[EMAIL PROTECTED]> To: "UUG Discuss" <[EMAIL PROTECTED]> Sent: Monday, June 02, 2003 9:38 PM Subject: [uug] PHP mail() function > I need advice from people smarter than me. This web page I maintain for a > friend has a bunch of email addresses on it. I know, I know, spam. I warned > them, they wanted it that way. > > So now 6 months later, they get spam and want a solution so it doesn't get > worse. So, I started making them a form that people could use and so I could > learn more about the mail() function to send messages online. > > My thoughts go back to a UUG meeting when Dave Smith was showing us a similar > application, only with a database, and the quick thinkers in the group showed > us why security is needed by making pop up Javascript windows on Dave's demo > blog. > > So there is this function called strip_tags() which I tested and appears to > work. My question is, is strip_tags() enough to prevent potential abuse, or > is there something else I need to put in there to make it even better? > > Thanks. > > -- > Jacob Albretsen > [EMAIL PROTECTED] > > ____________________ > BYU Unix Users Group > http://uug.byu.edu/ > ___________________________________________________________________ > List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list ____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
