> Please let me know what you think. I'm not familiar with mysql or dbi, but I can point out a couple of things right off.
I think you're going to need to be careful escaping the $recipient variable, trapping for sql comments and the like. Be paranoid, since this data comes from the network. This also won't work in cases where there's an [EMAIL PROTECTED] or a pipe in the deliver to, since the deliver_to field is not going to be a userid field. What's really necessary here is alias resolution, with a defaut value for piped ones that will never resolve to a user. 2, I'm a little leery about writing temp files. But that's just a predjudice of mine eric
