comment on

Your follow-up is commendable. It is still not great because of two things. One is minor - you are hand-parsing the parameters instead of using (say) CGI or CGI::Lite. The other is much more critical. You are still trying to eliminate "unwanted" input instead of letting through only what you want to attempt. I recommend using a simplicistic matcher for email addresses and text, maybe even as simplicistic as /^[-_\w]+\@([-_\w]+\.)+\w+$/ (for the email). This will reject some valid email addresses, but when piping stuff to sendmail (or, as recommended, MIME::Lite), that is preferrable to letting your mail server become blacklisted because of spamming.

This approach will eliminate least one class of problematic input, bad whitespace in the subject, mail body and recipient.

Again, the rule is to be very specific in what you let through, instead of only eliminating what you know is bad.

In reply to Re: Is that a decent concept? by Corion
in thread Is that a decent concept? by heatblazer

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.