Dealing with Spam Injection

I use lots of mail scripts in PHP. Unfortunately, if you allow users to enter their email address, you are suddenly vulnerable to spam injection. For an explanation as to why, see this really good article.

There's a simple way to fix this for your mail scripts.

Using a quick string replacement, you can strip carriage returns and line feeds from the input:


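// User-supplied address from the form
$email = $_POST['email'];
// Carriage return and line feed are what separate one mail header from the next
$strip_chars = array("\r","\n");
// Remove them so the value cannot start a new header line
$email = str_replace($strip_chars, "", $email);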

And suddenly you're safe again.

or do it this way:

$_POST['email'] = preg_replace("/\r/", "", $_POST['email']);
$_POST['email'] = preg_replace("/\n/", "", $_POST['email']);
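
As an added example (not part of the original post or the comment above), here is a variant that rejects a submission containing CR or LF instead of silently stripping it, and applies the same check to every user-supplied value that ends up in a header. The function names and sample inputs are made up for illustration, and it assumes PHP 7.1 or later.

```php
<?php
// Added example; is_header_safe() and build_mail_headers() are hypothetical names.

// True if the value can sit on a single mail header line.
function is_header_safe(string $value): bool
{
    // A CR or LF would end the current header and begin a new one.
    return preg_match('/[\r\n]/', $value) !== 1;
}

// Builds the additional-headers string for mail(),
// or returns null if any field has to be rejected.
function build_mail_headers(string $fromEmail, string $fromName): ?string
{
    // Check every value that goes into a header, not only the address.
    foreach ([$fromEmail, $fromName] as $field) {
        if (!is_header_safe($field)) {
            return null;
        }
    }
    // The address must also look like an address at all.
    if (filter_var($fromEmail, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Drop characters that would break the quoted display name.
    $name = str_replace(['"', '\\'], '', $fromName);
    return "From: \"$name\" <$fromEmail>\r\nReply-To: $fromEmail";
}

// Constructed sample form values: label => [email, name].
$samples = [
    'normal'             => ['alice@example.com', 'Alice'],
    'newline in address' => ["alice@example.com\r\nX-Injected: 1", 'Alice'],
    'newline in name'    => ['alice@example.com', "Alice\nX-Injected: 1"],
    'not an address'     => ['alice', 'Alice'],
];

foreach ($samples as $label => [$email, $name]) {
    $headers = build_mail_headers($email, $name);
    echo $label, ': ', $headers === null ? 'rejected' : 'accepted', "\n";
}
```

Rejected submissions can be logged, which gives you a record of injection attempts against the form.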
