-1
我一直在阅读php的邮件注入和可能的安全风险。我决定通过一个功能来控制大部分内容,只需传入电子邮件和联系消息即可。函数内的PHP邮件功能 - 这有多安全?
只是想知道这是多么安全,并防止任何类型的注射?
//contact form
function sendContactForm($contactEmail, $contactMessage) {
$to = "[email protected]";
$from = "[email protected]";
$replyTo = filter_var($contactEmail, FILTER_VALIDATE_EMAIL);
$subject = "Contact Form Email";
$message = $contactMessage;
$headers = "From: " . $from . "\r\n";
$headers = "Reply-To:" . $replyTo . "\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($to, $subject, $message, $headers);
}
它看起来像你想'FILTER_SANITIZE_EMAIL' – 2013-05-03 11:15:46
我会建议使用phpmailer(http://sourceforge.net/projects/phpmailer/)。我认为它已经解决了很多安全问题 – x4rf41 2013-05-03 11:17:39