First, there's really no sense in writing elaborate regular expressions when no-one can read them, they'll be a nightmare to modify and there's not even a comment to suggest what it's meant to be doing.
Would you consider it 'insecure' if we could spam email@example.com with thousands of messages per second, with any content that we like? I only ask because there's nothing stopping repeated processing of the form with an address like no-reply@localhost. There's worse to come, see below.
Also, the emails which can be 'valid' might not be actual, usable email addresses. For example, the no-reply@localhost above or even !@^ will get through that silly regex. Specifying an 'invalid' (ie, an address which has no user at the other end) address isn't too big a deal unless you want to send a message to no-body later on. Of course, then it might be a big deal to get 99% of your emails bounced back at you.
Finally, and the biggie, it's very possible to misuse the posted code to send out spam messages with whatever content the abuser wants to as many addresses as they want: not just to your own address, but to anyone.
So, is your script secure. In a word, no.
Could it be made secure? Sure! Indeed the huge gaping chasm of a security hole can be closed very simply, you've just got to see it first. Can you see it?
The Following User Says Thank You to Salathe For This Useful Post:
Hello thanks for the input, @wildhoney: to much ??..
and @Salathe: as always great teacher :)
ps on the point of the regex i am still learning regex i got
it from a friend when i made my register, so i use it in anything else as i think it works great and then the insecure parts, all i can see yeah the spam part can be fixed with a session id or a capatcha maybe, and then on the part of spamming others that i can not see,
$bottest = $_POST['leave_blank'];
<input type='text' name='leave_blank' id='leave_blank'>
that might not be secure that is the all i see, if you see anymore would be greatly appreciated :)
and thank you for making me a better coder :)
PS: also filter $_POST so we don't get any XSS attacks
lol i did forget one thing about forums they have a search spot ;)
and now i know maybe why i am not getting allot of response for this as
people have asked allot of questions when it comes to mail :)