1. 首頁
  2. 問答
  3. PHP郵件功能安全

PHP郵件功能安全

2011-06-19 124 views
3

我在我的網站上創建了一個窗體,我不確定如何去保護它,當我用mysql_real_escape_string封裝變量時,它會阻止它們回顯出來,有人可以拿看看我的腳本,告訴我缺陷在哪裏以及如何糾正它們?由於PHP郵件功能安全

<?php 
$kop = $_POST['severity']; 
$loc = $_POST['location']; 
$summary = $_POST['summary']; 
$name = $_POST['name']; 
$email = $_POST['email']; 

$to  = '[email protected]'; 
$subject = 'Bug Report'; 
$message = 'Kind of Problem ' . $kop . 'Location of Problem ' . $loc . 'Summary of Bug ' . $summary . 'Name ' . $name . 'Email Adress ' . $email; 
$headers = 'From: .co.uk'; 

mail($to, $subject, $message, $headers); 

echo "<meta http-equiv=\"refresh\" content=\"0;URL=/report-bug.php?msg=bugsuccess\">"; 

?>

來源

2011-06-19 Liam

+0

您沒有使用數據庫在這裏,你爲什麼需要mysql_real_escape_string? 只需使用addslashes()作爲POST方法。 –

+0

我是一個完全新手,當涉及到PHP,但我認爲真正的轉義字符串會刪除任何非法字符,用戶可以輸入發送大量郵件和垃圾郵件? – Liam

+0

http://php.net/manual/en/function.mysql-real-escape-string.php –

回答

1 
<?php 

$kop = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $_POST['severity']), ENT_COMPAT, 'UTF-8')); 
$loc = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $_POST['location']), ENT_COMPAT, 'UTF-8')); 
$summary = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $_POST['summary']), ENT_COMPAT, 'UTF-8')); 
$name = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $_POST['name']), ENT_COMPAT, 'UTF-8')); 
$email = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $_POST['email']), ENT_COMPAT, 'UTF-8')); 

$to  = '[email protected]'; 
$subject = 'Bug Report'; 
$message = 'Kind of Problem ' . $kop . 'Location of Problem ' . $loc . 'Summary of Bug ' . $summary . 'Name ' . $name . 'Email Adress ' . $email; 
$headers = 'From: .co.uk'; 

mail($to, $subject, $message, $headers); 

echo "<meta http-equiv=\"refresh\" content=\"0;URL=/report-bug.php?msg=bugsuccess\">"; 

?>

來源

2011-06-19 14:18:10

相關問題

 相關問題