我有以下代碼:發送郵件時是否需要轉義POST?
<?php
$email_from = "[email protected]";
$email_to = $_POST["referred_email"];
$email_subject = 'test subject here';
$email_message = $_POST["referred_message"];
// create email headers
$headers = 'From: '. $email_from ."\r\n".
'Reply-To: '. $email_from ."\r\n" .
'X-Mailer: PHP/' . phpversion();
if (filter_var($email_to, FILTER_VALIDATE_EMAIL)) {
$result = mail($email_to, $email_subject, $email_message, $headers);
echo 'Mail accepted for delivery ';
} else {
echo 'Mail could not be sent ';
}
?>
如果任何POST值中,無論如何escape'ed以防止用戶惡意行爲?如果是,應該使用哪種轉義方法?魔術引號?
我使用PHP 5.x.
你問一個yes或no的問題或者如何做的問題? – Jared
@Jazza,它的「如果是,那麼哪種方法適合這個問題」。的 – oshirowanen
可能重複[這是郵件()函數頭注射安全嗎?(http://stackoverflow.com/questions/11040328/is-this-mail-function-safe-from-header-injection) –