<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: Sending spam e-mail using a simple PHP method.</title>
	<atom:link href="http://smalltowngeeks.net/2010/05/19/sending-spam-e-mail-using-a-simple-php-method/feed/" rel="self" type="application/rss+xml" />
	<link>http://smalltowngeeks.net/2010/05/19/sending-spam-e-mail-using-a-simple-php-method/</link>
	<description>Tech News, How to&#039;s, and Reviews</description>
	<lastBuildDate>Mon, 09 Apr 2012 17:29:00 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.2</generator>
	<item>
		<title>By: gilsal</title>
		<link>http://smalltowngeeks.net/2010/05/19/sending-spam-e-mail-using-a-simple-php-method/comment-page-1/#comment-1875</link>
		<dc:creator>gilsal</dc:creator>
		<pubDate>Tue, 14 Sep 2010 11:55:19 +0000</pubDate>
		<guid isPermaLink="false">http://smalltowngeeks.net/?p=474#comment-1875</guid>
		<description>Hey, saw this blog and figured I&#039;d toss this in your direction in case anyone ever needs to place simple security on their PHP scripts. Latest version of PHP, if I am not mistaken, has some built-in functions to counter SQL injection for &quot;force brute&quot; hacking. As for added security, this snippet will remove all lines that resemble code or tags. 

strip_tags($_POST[&#039;name&#039;]); 

This is an easy way of disallowing users to be able to create formatting code or SQL injections, but what if you should want the user to be able to implement formatting as this?

Hello all,

Small Town Geeks is a great tech/blog site!

- Gil

Then you will need this in your code. $message = nl2br(strip_tags($_POST[&#039;message&#039;]));

The nl2br keeps the formatting and replaces them with HTML tags. Again, strip_tags is still used to prevent hard code and SQL injection. 

Both these methods add just a little more user support and security. Of course, like always, there is never one way to implement security. 

Side note: if you do intend to make a spam email as to harass friends and coworkers (*Caution not always safe for work*), be sure to include a counter and decrement or increment depending on your setup. I seem to remember someone creating this same function and forgetting to add a decrementing counter and flooding one user and a mail server with 400 emails in under 30 seconds. 

Anyways keep up the great work!</description>
		<content:encoded><![CDATA[<p>Hey, saw this blog and figured I&#8217;d toss this in your direction in case anyone ever needs to place simple security on their PHP scripts. Latest version of PHP, if I am not mistaken, has some built-in functions to counter SQL injection for &#8220;force brute&#8221; hacking. As for added security, this snippet will remove all lines that resemble code or tags. </p>
<p>strip_tags($_POST['name']); </p>
<p>This is an easy way of disallowing users to be able to create formatting code or SQL injections, but what if you should want the user to be able to implement formatting as this?</p>
<p>Hello all,</p>
<p>Small Town Geeks is a great tech/blog site!</p>
<p>- Gil</p>
<p>Then you will need this in your code. $message = nl2br(strip_tags($_POST['message']));</p>
<p>The nl2br keeps the formatting and replaces them with HTML tags. Again, strip_tags is still used to prevent hard code and SQL injection. </p>
<p>Both these methods add just a little more user support and security. Of course, like always, there is never one way to implement security. </p>
<p>Side note: if you do intend to make a spam email as to harass friends and coworkers (*Caution not always safe for work*), be sure to include a counter and decrement or increment depending on your setup. I seem to remember someone creating this same function and forgetting to add a decrementing counter and flooding one user and a mail server with 400 emails in under 30 seconds. </p>
<p>Anyways keep up the great work!</p>
]]></content:encoded>
	</item>
</channel>
</rss>

