1. 首页
  2. 问答
  3. PHP邮件功能安全

PHP邮件功能安全

2011-06-19 208 views
3

我在我的网站上创建了一个窗体,我不确定如何去保护它,当我用mysql_real_escape_string封装变量时,它会阻止它们回显出来,有人可以拿看看我的脚本,告诉我缺陷在哪里以及如何纠正它们?由于PHP邮件功能安全

<?php 
$kop = $_POST['severity']; 
$loc = $_POST['location']; 
$summary = $_POST['summary']; 
$name = $_POST['name']; 
$email = $_POST['email']; 

$to  = '[email protected]'; 
$subject = 'Bug Report'; 
$message = 'Kind of Problem ' . $kop . 'Location of Problem ' . $loc . 'Summary of Bug ' . $summary . 'Name ' . $name . 'Email Adress ' . $email; 
$headers = 'From: .co.uk'; 

mail($to, $subject, $message, $headers); 

echo "<meta http-equiv=\"refresh\" content=\"0;URL=/report-bug.php?msg=bugsuccess\">"; 

?>

来源

2011-06-19 Liam

+0

您没有使用数据库在这里,你为什么需要mysql_real_escape_string? 只需使用addslashes()作为POST方法。 –

+0

我是一个完全新手,当涉及到PHP,但我认为真正的转义字符串会删除任何非法字符,用户可以输入发送大量邮件和垃圾邮件? – Liam

+0

http://php.net/manual/en/function.mysql-real-escape-string.php –

回答

1 
<?php 

$kop = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $_POST['severity']), ENT_COMPAT, 'UTF-8')); 
$loc = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $_POST['location']), ENT_COMPAT, 'UTF-8')); 
$summary = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $_POST['summary']), ENT_COMPAT, 'UTF-8')); 
$name = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $_POST['name']), ENT_COMPAT, 'UTF-8')); 
$email = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $_POST['email']), ENT_COMPAT, 'UTF-8')); 

$to  = '[email protected]'; 
$subject = 'Bug Report'; 
$message = 'Kind of Problem ' . $kop . 'Location of Problem ' . $loc . 'Summary of Bug ' . $summary . 'Name ' . $name . 'Email Adress ' . $email; 
$headers = 'From: .co.uk'; 

mail($to, $subject, $message, $headers); 

echo "<meta http-equiv=\"refresh\" content=\"0;URL=/report-bug.php?msg=bugsuccess\">"; 

?>

来源

2011-06-19 14:18:10

相关问题

 相关问题