PHP mail processor security
Matelot
09-08-2006, 09:35 AM
Hi,
I've been using this script (and others very similar) for some time now, but my host has just suspended the site, apparently because of spam. Can anyone see any obvious security issues with it?
Cheers
DJsAC
09-08-2006, 10:06 AM
Opens link:
http://yoursite.com/send_edit_check.php?emailTo=spamaddress@site.com&emailSubject=Buy_Viagra&emailHeader=lotsofheaderinfo
Those aren't really checked.
Also if you open the page, with NO strings posted, as far as I can tell (read through quickly) it will still send a 'default' mail with:
<?php
# Email to Form Owner
$emailTo = '"Owner Name" <owner@domain.co.uk>';
$emailSubject = "Contact Form Submission";
# The $FTG* variables are the submitted form fields. Nothing here checks
# that any of them were actually sent, so a request with no data still
# produces (and mails) this body with every field empty.
$emailBody = "A form has just been submitted:\n"
    . "\n"
    . "Name: $FTGuser\n"
    . "Email: $FTGemail\n"
    . "Telephone: $FTGtelephone\n"
    . "Address: $FTGaddress\n"
    . "Wedding: $FTGwedding\n"
    . "Commercial: $FTGcommercial\n"
    . "Lifestyle: $FTGlifestyle\n"
    . "Brochure: $FTGbrochure\n"
    . "How Did You Hear About Us?: $FTGhow\n"
    . "Message: $FTGmessage\n"
    . "\n"
    . "--\n"
    . "This is for information only:\n"
    . date('Y-m-d H:i:s') . "\n"
    . $_SERVER['REMOTE_ADDR'] . "\n"
    . $_SERVER['HTTP_USER_AGENT'] . "\n"
    . "\n";
$emailHeader = "From: owner@domain.co.uk\n"
    . "Reply-To: owner@domain.co.uk\n"
    . "MIME-Version: 1.0\n"
    . "Content-type: text/plain; charset=\"ISO-8859-1\"\n"
    . "Content-transfer-encoding: quoted-printable\n";
mail($emailTo, $emailSubject, $emailBody, $emailHeader);
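The reply above points at two separate problems: the recipient, subject and headers can be supplied in the request, and an empty request still sends the default mail. Below is an added example of a hardened handler for the same form; it is not the script from the thread. It keeps the recipient, subject and From header fixed in the code, accepts only POST submissions with the required fields filled in, validates the visitor's address before using it as Reply-To, and rejects any value carrying a newline before it is placed in a header. The function names, the FORM_OWNER constant and the field list are assumptions for illustration, and the code assumes PHP 7 or later for the type declarations.

```php
<?php
// Added example (not the thread's script): a hardened contact-form mailer.

// 1. Recipient and sender are fixed here and never read from $_GET/$_POST,
//    so no URL parameter can redirect the message or change its subject.
const FORM_OWNER = 'owner@domain.co.uk'; // assumed owner address

// Header values must never contain CR, LF or NUL: an injected line break
// would let a visitor add their own headers (extra recipients, Bcc, ...).
function sanitize_header_value(string $value, int $maxLen = 200): string
{
    if (preg_match('/[\r\n\x00]/', $value)) {
        throw new InvalidArgumentException('line break in header field');
    }
    return substr(trim($value), 0, $maxLen);
}

// Returns true when a mail was handed to mail(), false when the request
// was rejected. $post, $remoteAddr and $userAgent are passed in so the
// function can be exercised without a live request.
function handle_contact_form(array $post, string $remoteAddr, string $userAgent): bool
{
    // 2. Require the fields a real submission always has; an empty GET or
    //    POST (the case described in the reply above) sends nothing.
    foreach (['FTGuser', 'FTGemail', 'FTGmessage'] as $field) {
        if (!isset($post[$field]) || trim((string) $post[$field]) === '') {
            return false;
        }
    }

    // Only a syntactically valid address may become Reply-To; the From
    // header stays on our own domain so the host's mail policy is met.
    $replyTo = filter_var($post['FTGemail'], FILTER_VALIDATE_EMAIL);
    if ($replyTo === false) {
        return false;
    }

    try {
        $name = sanitize_header_value((string) $post['FTGuser']);
    } catch (InvalidArgumentException $e) {
        return false; // a newline in the name is a header-injection attempt
    }

    // Optional fields go in the body only, where a newline is harmless;
    // they are still length-limited so the form cannot be used as a relay
    // for arbitrary-sized text.
    $optional = [
        'FTGtelephone'  => 'Telephone',
        'FTGaddress'    => 'Address',
        'FTGwedding'    => 'Wedding',
        'FTGcommercial' => 'Commercial',
        'FTGlifestyle'  => 'Lifestyle',
        'FTGbrochure'   => 'Brochure',
        'FTGhow'        => 'How Did You Hear About Us?',
    ];
    $body = "A form has just been submitted:\n\n"
          . "Name: $name\n"
          . "Email: $replyTo\n";
    foreach ($optional as $key => $label) {
        $value = isset($post[$key]) ? substr(trim((string) $post[$key]), 0, 500) : '';
        $body .= "$label: $value\n";
    }
    $body .= 'Message: ' . substr(trim((string) $post['FTGmessage']), 0, 5000) . "\n"
           . "\n--\nThis is for information only:\n"
           . date('Y-m-d H:i:s') . "\n"
           . $remoteAddr . "\n"
           . substr($userAgent, 0, 500) . "\n";

    // Headers are separated with CRLF as the PHP manual recommends for mail().
    $headers = 'From: ' . FORM_OWNER . "\r\n"
             . 'Reply-To: ' . $replyTo . "\r\n"
             . "MIME-Version: 1.0\r\n"
             . "Content-type: text/plain; charset=\"ISO-8859-1\"\r\n";

    // The visitor's name appears in the subject only after sanitization.
    return mail(FORM_OWNER, 'Contact Form Submission from ' . $name, $body, $headers);
}

// Entry point: only POST requests are handled at all.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $sent = handle_contact_form(
        $_POST,
        $_SERVER['REMOTE_ADDR'] ?? '',
        $_SERVER['HTTP_USER_AGENT'] ?? ''
    );
    echo $sent ? 'Thank you, your message has been sent.' : 'The form was not complete.';
}
```

The important design choice is that nothing a visitor controls ever reaches a header unchecked: the only user-supplied header values are the validated Reply-To address and the newline-free name in the subject, and the destination address is a constant. Rejecting incomplete submissions also stops the "open the URL and a mail goes out" behaviour that lets a form be driven by a script.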