我想知道我所做的是否会停止对我的电子邮件表单进行注入(inject)。
<?php
if(isset($_POST['submit'])){
$to = "ask@mywebsite.co.uk";
$from = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$subject = "Form submission";
$subject2 = "Copy of your form submission";
$message = $first_name . " " . $last_name . " wrote the following:" . "\n\n" . $_POST['message'];
$message2 = "Here is a copy of your message " . $first_name . "\n\n" . $_POST['message'];
$headers = "From:" . $from;
$headers2 = "From:" . $to;
mail($to,$subject,$message,$headers);
mail($from,$subject2,$message2,$headers2);
echo "Mail Sent. Thank you " . $first_name . ", we will contact you shortly.";
}
?>
最佳答案
headers 是唯一的注入(inject)点,你只有一个变量来处理 $from,你可以使用 filter_var
关于php - 保护 php 电子邮件表单,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34733380/