I wonder if it is enough to scan the message body for and replace them?
-- Long http://MeandmyCity.com/ - Free, searchable business directory for local communities http://edgesoft.ca/blog/read/2 - No-Cookie Session Support plugin for Rails
not just the message body. you'd have to scan the headers (to, from, subject) for anything that should'nt be there or not in the correct format.
see
http://www.securephpwiki.com/index.php/Email_Injection
for a list of example scenarios.
I agree. Each form field should be scanned.
-- Long
Chris Hall wrote: