-1
我一直在閱讀php的郵件注入和可能的安全風險。我決定通過一個功能來控制大部分內容,只需傳入電子郵件和聯繫消息即可。函數內的PHP郵件功能 - 這有多安全?
只是想知道這是多麼安全,並防止任何類型的注射?
//contact form
function sendContactForm($contactEmail, $contactMessage) {
$to = "[email protected]";
$from = "[email protected]";
$replyTo = filter_var($contactEmail, FILTER_VALIDATE_EMAIL);
$subject = "Contact Form Email";
$message = $contactMessage;
$headers = "From: " . $from . "\r\n";
$headers = "Reply-To:" . $replyTo . "\r\n";
$headers .= "Content-type: text/html\r\n";
$success = mail($to, $subject, $message, $headers);
}
它看起來像你想'FILTER_SANITIZE_EMAIL' – 2013-05-03 11:15:46
我會建議使用phpmailer(http://sourceforge.net/projects/phpmailer/)。我認爲它已經解決了很多安全問題 – x4rf41 2013-05-03 11:17:39