Home/ Questions/Q 835513
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T04:50:17+00:00

I have a classifieds website, and inside each classified, there is a small form.

  • 0

I have a classifieds website, and inside each classified, there is a small form.

This form is for users to be able to tip their “friends”:

<form action="/bincgi/tip.php" method="post" name="tipForm" id="tipForm">
Tip: <input name="email2" id="email2" type="text" size="30 />
<input type="submit" value="Skicka Tips"/>
<input type="hidden" value="<?php echo $ad_id;?>" name="ad_id2" id="ad_id2" />
<input type="hidden" value="<?php echo $headline;?>" name="headline2" id="headline2" />
</form>

The form is then submitted to a tip.php page, and here is my Q, is this below code safe, ie is it good enough or do I need to make some sanitations and more safety details?

    $to = filter_var($_POST['email2'], FILTER_SANITIZE_EMAIL);
    $ad_id = $_POST['ad_id2'];
    $headline = $_POST['headline2'];

     $subject = 'You got a tip';

     $message ='Hi. You got a tip: '.$headline.'.\n';

    $headers = 'From: Tips@domain.com\r\n';
    mail($to, $subject, $message, $headers);

I haven’t tested the above yet.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Regardless of what filtering you do, you’ll need to rate limit the sending of these emails. Even if they look to be from you and have some site-specific text, an automated bot could spam several hundred thousand of them and get some kind of response (and blacklist your email server). Only let them send a handful every hour and you won’t cut out legitimate traffic.

    • 0