mail] PHP/shell script]
Dave Hull
dphull at insipid.com
Fri Aug 15 19:45:52 CDT 2003

On 15 Aug 2003, brad wrote:
> > 2) parse the data out stripping all characters except the ones you
> > want to allow.
This approach is widely considered the "best practice." For email addresses 
you're probably looking at the following set of characters: [0-9A-z_.@]. Of 
course, there could be others.
The point is, it's much easier to allow in what you know is acceptable and 
forbid everything else than it is to come up with a list of all possible 
nefarious combinations and allow everything else.
-- 
Dave Hull
http://insipid.com
E Pluribus Unix
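
Added example, not part of the original post: the allow-list approach for an email field in shell, shown both as stripping and as rejecting. The function names and sample inputs are constructed for illustration, and the letter range is written A-Za-z because in ASCII the range A-z also spans [ \ ] ^ and the backtick.

```shell
#!/bin/sh
# Allow-list for an email-address field (assumption: the set from the post,
# with letters spelled out as A-Za-z so that only letters match).
ALLOWED='0-9A-Za-z_.@'

# strip_to_allowed VALUE
# Delete every byte that is not on the allow-list. LC_ALL=C makes the
# ranges mean plain ASCII ranges regardless of the caller's locale.
strip_to_allowed() {
    printf '%s' "$1" | LC_ALL=C tr -cd "$ALLOWED"
}

# is_allowed VALUE
# Succeed only if VALUE is non-empty and already consists solely of
# allow-listed characters. Rejecting avoids passing on a silently
# rewritten value that the sender never typed.
is_allowed() {
    [ -n "$1" ] || return 1
    [ "$(strip_to_allowed "$1")" = "$1" ]
}

# strip_wide_range VALUE
# Same filter written with the A-z range, kept only for comparison:
# ASCII 91-96 ([ \ ] ^ _ `) sit between 'Z' and 'a' and pass through.
strip_wide_range() {
    printf '%s' "$1" | LC_ALL=C tr -cd '0-9A-z_.@'
}

# Constructed sample inputs, one per line.
SAMPLES='bob_smith@example.com
bob@example.com; echo hi
a`b[c]^d'

printf '%s\n' "$SAMPLES" | while IFS= read -r value; do
    if is_allowed "$value"; then verdict=accept; else verdict=reject; fi
    printf '%-28s %s  stripped=%s  wide=%s\n' "$value" "$verdict" \
        "$(strip_to_allowed "$value")" "$(strip_wide_range "$value")"
done
```
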