Sending email from a PHP script is one of those things.Without much fuss or stringency, PHP offers just the tool.Do you want to set a custom From: address, maybe taken from the form you send, or another custom header line? If you use the mail() function (in combination with a web form in particular), make sure you check it is called from the desired page and protect the form with a CAPTCHA maybe.You can also check for suspicious strings in any arguments (say, "Bcc:" followed by a number of email addresses).2) Did you upload the files correctly and all files that reference each other are correct?
It still works perfectly fine, but of course that's pending on a whole bunch of things like 1) Are you using it in an actual server environment with PHP running? If user is authorized, we show him the protected content, otherwise we direct him to the login form.Include this sample piece of code on top of your protected pages: These are the basics of creating a membership site.(also known as email injection) For example, hackers can place the following code in one of your form fields and make your form processor script send an email to an unintended recipient: The code above is adding another email address to the CC list of the email.Spammers can send thousands of emails using this exploit.If the parameter is a valid postcode, the function returns it correctly formatted - i.e.in uppercase and with a space between the inward part and the output parts. It is essential to secure your form against all ‘holes’ that those hackers are searching for.Note: Using Simfatic Forms you can build awesome contact forms in minutes. Drag and drop build the form and and get it online fast. Download the Full Featured Version of Simfatic Forms here Spammers exploit web forms for two purposes: If you are not validating your form fields (on the serve side) before sending the emails, then hackers can alter your email headers to send the bulk unsolicited emails.Your host will not be happy with this and may warn you or even ban your web site.The best way to prevent this spammer exploit is to validate the fields used in the mail() function(fields like email, subject of the email, name etc).