I run a little group of web-sites mostly concerned with runes and products related to runes. There are links to all the sites on the home page of [url removed, login to view] if you want to check them out.
For years I used bog-standard email links for contacts and HTML forms with Matt's [url removed, login to view] to collect data. During 2003 spam increased to such a level that I changed all my email addresses and encrypted both the links and the form headers to prevent collection by spam bots. That worked OK until December 2005. By then the spam bots had learned how to read my simple encryption and the spam was back with a vengeance.
So during December/January I changed all my email addresses yet again and switched to PHP mail under the impression this was going to be secure from spam bots, and so it probably is. However, I am too naive to understand the security holes in the PHP mail() method. Being a total amateur, I borrowed some open-source code that I found on a reputable PHP site and modified it to suit my needs, being quite unaware of the dangers. The biggest problem I now have is injection emails. It started a few days ago and by Friday I had received a dozen weird messages that I now know - from a couple of web searches - are of the injection type. The spammers are using my on-site contact forms as a spam relay - God only knows how many anonymous messages they have sent because of my ignorance of PHP. I suppose my site is likely to be disabled by my ISP when the domain starts turning up on the blacklists.
All my on-site forms are currently disabled and replaced with a simple message carrying a link to a temporary web-mail address, but if I want to stay in business I need to get the on-site contact facilities and my data collection forms back up asap.
What I need - pretty quickly - is a PHP script that can handle both simple messages (from, to, subject, body) and more complex feedback forms with maybe 6 or 12 fields of different input types and a variety of field names. My vision is of a single script residing on the domain root that can be called as an include from any page of any of my websites. It would weed out the injections and indeed any other known security-related uses. I can send you examples of the contact and data collection forms with the PHP code that I have been using if required.
Can you help?
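
A sketch of the kind of include described in the post, as an added example that is not the poster's code or any code they borrowed. The function names, the `contact@example.org` recipient and the sample inputs are hypothetical; it assumes PHP 7.2 or later (array headers in `mail()`) and that the recipient is fixed on the server instead of being read from the form.

```php
<?php
// Added example. Recipient is a constructed placeholder, set server-side only.
const CONTACT_RECIPIENT = 'contact@example.org';

// A value bound for a mail header must not contain CR, LF or NUL:
// those are what let a form field start a new header line (Bcc:, Cc:, ...).
function is_header_safe(string $value): bool
{
    return preg_match('/[\r\n\x00]/', $value) === 0;
}

// Returns [to, subject, body, headers] for mail(), or null if the input is rejected.
// $allowedFields is the page's own whitelist of form field names for the body.
function build_contact_mail(array $post, array $allowedFields): ?array
{
    // Array-valued parameters (from[]=...) are treated as empty, not cast.
    $from    = is_string($post['from'] ?? null) ? trim($post['from']) : '';
    $subject = is_string($post['subject'] ?? null) ? trim($post['subject']) : '';

    if (!is_header_safe($from) || !is_header_safe($subject)) {
        return null; // header injection attempt
    }
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null; // not a single, well-formed address
    }

    $lines = [];
    foreach ($allowedFields as $name) {
        $value = is_string($post[$name] ?? null) ? $post[$name] : '';
        // Body text may span lines; normalise endings so it stays in the body.
        $value = preg_replace('/\r\n|\r|\n/', "\r\n  ", $value);
        $lines[] = $name . ': ' . $value;
    }

    $headers = [
        'From'         => CONTACT_RECIPIENT, // the site's own address
        'Reply-To'     => $from,             // visitor address, already validated
        'Content-Type' => 'text/plain; charset=UTF-8',
    ];
    return [CONTACT_RECIPIENT, substr($subject, 0, 150), implode("\r\n", $lines), $headers];
}

// Constructed sample submissions, run from the command line only.
if (PHP_SAPI === 'cli') {
    $good = ['from' => 'visitor@example.com', 'subject' => 'Rune set', 'message' => "Hello\nthere"];
    $bad  = ['from' => "visitor@example.com\r\nBcc: other@example.net", 'subject' => 'Hi', 'message' => 'x'];
    var_dump(build_contact_mail($good, ['message']) !== null); // bool(true)
    var_dump(build_contact_mail($bad, ['message']));           // NULL
}
```

A calling page would pass `$_POST` and its own field list, and call `mail(...$result)` only when the result is not null.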