How should I check (screen) user-entered $email and $message before sending them with the mail() function?

$headers = 'Content-Type: text/plain; charset=utf-8' . "\r\n" . 'From: ' . $email;
mail('myemail@gmail.com', 'Subject', $message, $headers);

    2 answers

    Alternatively, you can use this approach.

    function _filterEmail($email) {
        $rule = array(
            "\r" => '',
            "\n" => '',
            "\t" => '',
            '"'  => '',
            ','  => '',
            '<'  => '',
            '>'  => '',
        );
        return strtr($email, $rule);
    }

    function _filterOther($data) {
        $rule = array(
            "\r" => '',
            "\n" => '',
            "\t" => '',
        );
        return strtr($data, $rule);
    }

    $email   = _filterEmail($email);
    $message = _filterOther($message);
    mail(...);
    • I understand that you only need to cut '\r\n' from $email so that no unnecessary headers can be injected. But in $message '\r\n' is valid. - user208916

    The built-in function makes it easy to filter the e-mail address:

    $email = filter_var($email, FILTER_SANITIZE_EMAIL);

    The body, as far as I understand this example, can be left unfiltered.
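Putting both answers together, here is an added example (not code from either answer) that rejects an address carrying CR/LF instead of silently stripping it, validates it with FILTER_VALIDATE_EMAIL, and leaves line breaks in the body alone, as the comment above notes they are legitimate there. The noreply@example.com sender, the Reply-To layout and the two constructed inputs are assumptions for the demonstration.

```php
<?php
// Returns the address safe to place in a header line, or null if it must be refused.
function safeHeaderEmail(string $email): ?string
{
    $email = trim($email);
    // A single CR, LF or NUL inside a header value is what allows extra headers
    // (Bcc:, a second Content-Type, ...) to be appended. Refusing instead of
    // stripping means a manipulated submission gets logged rather than rewritten.
    if (preg_match('/[\r\n\0]/', $email)) {
        return null;
    }
    // FILTER_VALIDATE_EMAIL also rejects the quotes, commas and angle brackets
    // that the first answer removes by hand.
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// The body is not a header, so CR/LF are legitimate there. Only NUL bytes are
// dropped and line endings are normalised so the text/plain part is well-formed.
function safeBody(string $message): string
{
    $message = str_replace("\0", '', $message);
    return preg_replace("/\r\n?/", "\n", $message);
}

function buildHeaders(string $replyTo): string
{
    // Assumed layout: the site's own address goes in From:, the user's address
    // in Reply-To:, so the mail is not claiming to originate from a foreign domain.
    return "Content-Type: text/plain; charset=utf-8\r\n"
         . "From: noreply@example.com\r\n"
         . "Reply-To: $replyTo\r\n";
}

// Constructed inputs: one honest submission and one that embeds a line break.
$inputs = ["alice@example.org", "bob@example.org\r\nBcc: someone@example.net"];
foreach ($inputs as $input) {
    $addr = safeHeaderEmail($input);
    if ($addr === null) {
        error_log('Rejected contact-form address: ' . json_encode($input));
        continue;
    }
    $body = safeBody("Hello,\r\nthis line break in the body is fine.");
    // mail('myemail@gmail.com', 'Subject', $body, buildHeaders($addr));
    echo "would send with Reply-To: $addr\n";
}
```

Only the first input reaches the mail() call; the second is written to the error log with its control characters JSON-escaped so they are visible.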