I’ve got a contact form on a website, where people can submit their name, surname, email, etc. It’s a small form, done with php… It gets sent to my email. But sometimes I get weird emails from there? One email had this in the Surname field…
Surname : at
Content-Type: multipart/alternative; boundary=38426c436a7a079f5f06604d76f15244
MIME-Version: 1.0
Subject: odom. he
bcc: Voiettag@aol.com
This is a multi-part message in MIME format.
--38426c436a7a079f5f06604d76f15244
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
sign, ornamented with the shamrock and thistle, was inscribed in large characters he astle nn, by lexander c. onald. he house was
--38426c436a7a079f5f06604d76f15244--
What does THIS mean? Some actually got a weird little “story” in it?
Thanks for the help!
Any time you put a form online you’re eventually going to get hit by people who fill in some stupid junk for any number of reasons. They may be trying to take advantage of your contact form to send out email and/or spam through your setup, they may be looking for some leaks in security, and so on.
Depending on what you’re asking for in the contact form you can tighten things up a little by checking the input before sending the email. For example with the email address, check to make sure it’s in valid form and does not contain any invalid characters. Same with the name – maybe only allow characters and digits (for user names). And for the rest, check to make sure they aren’t trying to include any code that could affect your email header – like changing the Content-type or who may get the email. For most of these checks regular expressions can be a big help. You might be able to find what you need for some of those checks at the Regular Expression Library: http://regexlib.com/default.aspx
Yeah I know, there’s a lot there, but without knowing what you’re asking for with your contact form or seeing the code to send the mail it’s the best I can offer. Or look for a more secure contact form online somewhere if you don’t want to go through all that trouble.
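The checks described in the reply above, as an added PHP example that is not part of either post or the original form's code. The field names (name, surname, email, message), the example.com addresses and the helper function names are assumptions; the sample input is constructed from the Surname value quoted in the question.

```php
<?php
// Added example. Field names and addresses are assumptions, not the original form's.

// Read a form field as a string; arrays (e.g. surname[]=x) are treated as empty.
function str_field(array $post, string $key): string
{
    $v = $post[$key] ?? '';
    return is_string($v) ? trim($v) : '';
}

// Names: letters, digits, space, apostrophe, hyphen. No CR/LF, colon or semicolon,
// so a value cannot carry "bcc:" or "Content-Type:" lines.
function clean_name(string $value): ?string
{
    return preg_match('/^[\p{L}\p{N} \'\-]{1,60}\z/u', $value) === 1 ? $value : null;
}

// Email: reject line breaks (raw or URL-encoded) first, then check the address form.
function clean_email(string $value): ?string
{
    if (preg_match('/[\r\n]|%0a|%0d/i', $value) === 1) {
        return null;
    }
    $ok = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

// Returns the arguments for mail(), or null if any field fails validation.
function build_contact_mail(array $post): ?array
{
    $name    = clean_name(str_field($post, 'name'));
    $surname = clean_name(str_field($post, 'surname'));
    $email   = clean_email(str_field($post, 'email'));
    $message = str_field($post, 'message');
    if ($name === null || $surname === null || $email === null || $message === '') {
        return null;
    }
    // To, Subject and From are fixed; the only user value in a header is the validated email.
    $headers = "From: webform@example.com\r\nReply-To: $email\r\n"
             . "Content-Type: text/plain; charset=UTF-8";
    $body = "Name: $name\nSurname: $surname\nEmail: $email\n\n$message";
    return ['owner@example.com', 'Contact form', $body, $headers];
}

// Constructed sample modelled on the Surname field quoted in the question.
$sample = ['name' => 'Test', 'email' => 'visitor@example.com', 'message' => 'hello',
           'surname' => "at\nContent-Type: multipart/alternative\nbcc: someone@example.com"];
$args = build_contact_mail($sample);
echo $args === null ? "rejected\n" : "accepted\n";
// In the real form handler: if ($args !== null) { mail(...$args); }
```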