[英]Safely Sending Email from PHP
I've got a page on my website where users can send me a message by giving their email, name, and a message. 我的网站上有一个页面,用户可以通过提供其电子邮件,姓名和消息来向我发送消息。 On the front end (JS) I do some basic verification, make sure the email is formatted like an email, make sure the other boxes aren't blank, and then I send it to PHP by GET.
在前端(JS)上,我进行了一些基本验证,请确保电子邮件的格式类似于电子邮件,确保其他框都不为空,然后通过GET将其发送到PHP。
Now I'm aware people can do some pretty sneaky stuff by injecting malicious code into PHP. 现在,我知道人们可以通过向PHP注入恶意代码来做一些非常偷偷摸摸的事情。 What precautions should I be taking?
我应该采取什么预防措施? When I was working with MySQL, I would escape it using the mysqli escape function.
当我使用MySQL时,我将使用mysqli escape函数对其进行转义。 What should I be doing here?
我在这里应该做什么?
Here's my script right now: 现在是我的脚本:
<?php
if(!isset($_GET["message"]) || !isset($_GET["name"]) || !isset($_GET["email"])){
echo "Check all the fields are correctly filled in and try again!";
die();
}
$email = $_GET["email"];
$message = $_GET["message"];
$name = $_GET["name"];
if($email == ""|| $message == "" || $name == ""){
echo "Check all the fields are correctly filled in and try again!";
die();
}
$message = wordwrap($message, 70);
mail("email@email.com","A Message From " . $name,$message,"From: $email\n");
echo "success";
?>
一种非常基本的方法是,您可以声明一个变量(例如$pattern
)并在其中存储正则表达式(例如攻击中常用的模式),然后使用preg_match($pattern, $valueFromYourForm)
方法查看是否有任何传递的值与任何这些表达式匹配,然后您可以停止执行。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.