Andy Boyd


Protect Your Contact Us Form

Posted in Web Stuff, Security by andy on the September 11th, 2006

To learn how to prevent email injection, take a look at the following article:

http://www.securephpwiki.com/index.php/Email_Injection

Top Ten Security Tips Every Developer Should Know

Posted in Security by andy on the July 3rd, 2006

Another "Top 10" list of security tips, this one from MSDN Magazine:

http://msdn.microsoft.com/msdnmag/issues/02/09/SecurityTips/

Secure Your Code

Posted in Security by andy on the May 24th, 2006

If you are developing a community site, blog, CMS, etc., this is a great article on writing secure code to protect against XSS attacks and JavaScript injection:

http://www.alistapart.com/articles/secureyourcode2

Checklist for validating input

Posted in Web Stuff, Security by andy on the April 19th, 2006

The "Secure Your Code" article from A List Apart by Niklas Bivald has some great insights:

While most community managers already know these basics, here’s a short list for newcomers:

  • Strip out single and double quotes or convert them to their HTML entities (&lsquo; and &rsquo; for opening and closing single quotes, &ldquo; and &rdquo; for opening and closing double quotes). Please note however, that this does not entirely protect you. An attacker could still use String.fromCharCode(39) in an eval() function.
  • Convert < and > to &lt; and &gt;.
  • Convert all line breaks to <br />. If you do this on all code, including style tags, you will save yourself from an attack. See "IE, CSS and JavaScript".
  • Check your self-created code tags (such as [URL]) to make sure the user is not allowed to inject JavaScript in URLs or CSS.
  • Consider stripping out the word “script” to prevent someone from trying to inject the word JavaScript. Keep in mind, though, that as far as IE is concerned, “ja\n\sc\nript” is valid.
  • Use regular expressions (server side) to validate and sanitize user input, as described above.
  • Validate CSS input!
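The checklist above is easy to get subtly wrong, so here is an added worked example (my own code, not from the A List Apart article or this blog) that applies its first three steps to untrusted text and then handles the [URL] tag case: the URL is entity-decoded and stripped of control characters before the scheme is checked, which is what defeats the "ja\nvascript" style of obfuscation the list warns about. Function names, the scheme whitelist and all sample strings are assumptions made for this example. Note the caveat from the first bullet still holds: this escaper is for text landing in an HTML body or attribute, not for text placed inside an existing script block.

```python
import html
import re

# Added example, not code from the original page. All inputs here are
# constructed for illustration.


def escape_for_html(text):
    """Escape user text for insertion into HTML body or attribute context.

    Follows the checklist: quotes and angle brackets become entities, then
    line breaks become <br />. Escaping first matters: afterwards the only
    raw '<' in the output is the one in '<br />' that we put there.
    """
    out = html.escape(text, quote=True)  # & < > " ' -> &amp; &lt; &gt; &quot; &#x27;
    out = out.replace("\r\n", "\n").replace("\r", "\n")
    return out.replace("\n", "<br />")


# Tab, newline, CR and other control characters were ignored by IE when it
# parsed a URL scheme, so "ja\nvascript:" ran as "javascript:". Removing them
# before looking at the scheme closes that hole.
_CONTROL_CHARS = re.compile(r"[\x00-\x20]")

# Assumed whitelist of schemes this site is willing to link to. Anything not
# on it (javascript:, data:, vbscript:, relative paths) is refused.
_SAFE_SCHEME = re.compile(r"^(?:https?|ftp|mailto):", re.IGNORECASE)


def safe_url(raw):
    """Return a URL safe to place inside href="...", or None to reject it."""
    # Decode entities first: &#106;avascript: is still javascript: to the browser.
    candidate = html.unescape(raw)
    candidate = _CONTROL_CHARS.sub("", candidate)
    if not _SAFE_SCHEME.match(candidate):
        return None
    # Re-escape so the value cannot close the attribute it is placed in.
    return html.escape(candidate, quote=True)


def render_url_tag(raw_url, label):
    """Render a user-supplied [URL=...]label[/URL] tag as an anchor."""
    href = safe_url(raw_url)
    if href is None:
        # Keep the label as plain text rather than dropping it silently.
        return escape_for_html(label)
    return '<a href="%s">%s</a>' % (href, escape_for_html(label))
```

The scheme whitelist rejects relative links as a side effect; if the site needs them, add an explicit check for a leading "/" rather than loosening the whitelist, because an attacker controls everything after the first character too.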