I have a PHP script using the mail function. I would just like to know if someone sees a problem with this script before I contact the sys admin, as he will probably not answer for a while.
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers.= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$rating=$_POST['Rate'];
$subject= "review from website";
$name=$_POST['lname'].", ".$_POST['name'];
$from = $_POST['email'];
$to ="email@gmail.com";
$messageTo="BBComputers";
$headers = "From: ".$from. "\r\n";
$message = htmlspecialchars($_POST['comment']);
$about = $_POST['product'];
$date=date("n-j-y \a\\t g:ia\r\n");
mail($to,$subject,$message,$headers);
I see a whole bunch of problems:
Your to address is incorrect: lose the trailing ;
There is no input validation.
Potential for header injection ($_POST["email"])
There is a random htmlspecialchars in there (why?)
$rating, $messageTo, $name and $about are defined but never used.
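
A hardened version of the script that addresses the points in the answer above, as an added example that is not part of the original question or answer. The function name `build_review_mail`, the `no-reply@example.com` sender, the 1 to 5 rating range and the use of `Reply-To` for the visitor's address are assumptions.

```php
<?php
// Added example: hardened rebuild of the review mailer. Field names come from
// the question; the sender address and the 1-5 rating range are assumptions.
function build_review_mail(array $post): ?array
{
    // Reject any CR/LF outright, then require a syntactically valid address.
    $email = trim((string)($post['email'] ?? ''));
    if (preg_match('/[\r\n]/', $email)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $rating = filter_var($post['Rate'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 5]]);
    if ($rating === false) {
        return null;
    }

    // The body is sent as HTML, so every user-controlled value is escaped.
    $esc = fn($v) => htmlspecialchars((string)$v, ENT_QUOTES, 'ISO-8859-1');
    $name = $esc(($post['lname'] ?? '') . ', ' . ($post['name'] ?? ''));
    $message = '<p>From: ' . $name . '<br>Product: ' . $esc($post['product'] ?? '')
        . '<br>Rating: ' . $rating . '</p><p>' . nl2br($esc($post['comment'] ?? '')) . '</p>';

    // Append with .= so no header is overwritten; user input appears only in Reply-To.
    $headers  = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
    $headers .= "From: no-reply@example.com\r\n"; // assumed site-owned address
    $headers .= "Reply-To: " . $email . "\r\n";

    return ['email@gmail.com', 'review from website', $message, $headers];
}

// Constructed sample submissions: one benign, one with CR/LF in the email field.
$samples = [
    ['email' => 'jane@example.com', 'Rate' => '4', 'name' => 'Jane', 'lname' => 'Doe',
     'product' => 'Laptop', 'comment' => 'Works <b>great</b>'],
    ['email' => "jane@example.com\r\nBcc: other@example.net", 'Rate' => '4'],
];
foreach ($samples as $post) {
    $mail = build_review_mail($post);
    if ($mail === null) {
        echo "rejected\n";
        continue;
    }
    echo "accepted, headers:\n" . $mail[3];
    // In production, send with: mail(...$mail);
}
```

Keeping the visitor's address out of `From:` also avoids SPF/DMARC failures, since the server is not authorized to send mail for the visitor's domain.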