[PLUG] Ready for website creation tutorials

Eric Wilhelm scratchcomputing at gmail.com
Tue Dec 12 19:44:13 UTC 2006


# from Wil Cooley
# on Tuesday 12 December 2006 08:43 am:

>The stupid mistake to
>avoid is not taking the recipient from the form, even as a hidden
> field. Hard-code it in the script or use a configuration file or
> something else, just as long as a remote user cannot tamper with it.

That, and apparently many of them have neglected to terminate the 
headers before including the posted data (at least judging by the 
amount of "Content-Type" and "Mime-Version" lines that get posted to my 
contact form.)

--Eric
-- 
"It is impossible to make anything foolproof because fools are so 
ingenious."
--Murphy's Second Corollary
---------------------------------------------------
    http://scratchcomputing.com
---------------------------------------------------
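The two points made in this thread (the recipient fixed on the server, and posted data kept out of the header block), shown as an added example that is not code from either poster. It assumes Python's standard `email` package, and the addresses and function names are constructed for illustration.

```python
from email.message import EmailMessage
from email.policy import SMTP

# Assumed addresses (constructed). The recipient is fixed server-side.
RECIPIENT = "webmaster@example.org"
SENDER = "contact-form@example.org"


class RejectedSubmission(ValueError):
    """Raised when a posted field is not safe to place in a header."""


def clean_header_value(name, value, limit=200):
    """Return a one-line header value, or raise if it carries line breaks."""
    if any(ch in value for ch in "\r\n\0"):
        raise RejectedSubmission(f"line break in {name}")
    value = value.strip()
    if not value or len(value) > limit:
        raise RejectedSubmission(f"bad length for {name}")
    return value


def build_contact_message(form):
    """Build the outgoing mail from a dict of posted form fields."""
    subject = clean_header_value("subject", form.get("subject", ""))
    reply_to = clean_header_value("email", form.get("email", ""))
    if reply_to.count("@") != 1 or any(c in reply_to for c in " ,;<>"):
        raise RejectedSubmission("email is not a single plain address")

    msg = EmailMessage(policy=SMTP)
    msg["From"] = SENDER
    msg["To"] = RECIPIENT  # any "to"/"recipient" form field is ignored
    msg["Reply-To"] = reply_to
    msg["Subject"] = subject
    # set_content() writes the text after the blank line that ends the
    # headers, so header-looking lines in the message stay body text.
    msg.set_content(form.get("message", ""))
    return msg
```

A submission whose subject or e-mail field contains a line break is rejected before any header is written, and one whose message body contains "Content-Type" or "Mime-Version" lines is delivered with those lines as plain body text.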


