
Is my PHP form secure?

I have a form and this bit of code to send it:

if($feedback != $errorMessage){
$emailTo = 'me@mywebsite.com';
$emailFrom = 'submissions@mywebsite.com';
$subject = 'Submission';
$body = filter_var("$contactName made a submission.

    Contact Information:
    Contact Name:\t$contactName
    blah:\t$blah
    Address:\t$address
    Telephone:\t$telephone
    Mobile:\t$mobile
    E-mail Address:\t$userEmail
    Website:\t$website

    Vacancy Information:
    field1:\t$field1
    field2 Benefits:\t$field2
    field3:\t$field3
    field4:\t$field4
    field5:\t$field5
    field6:\t$field6
    field7:\t$field7
    field8:\t$field8
    field9:\t$field9", FILTER_SANITIZE_STRING);
mail($emailTo, $subject, $body, "From: ".$emailFrom);
}

From what I understand from reading other threads, this should be enough. I tried emailing just a single dot on a line in one of the textareas and it did turn it into 2 dots. Just running one function on it seems far too simple, though.

Is this secure enough? I've read things online that seem inconsistent, such as that I don't even have to sanitize the body. The email body is the only thing that takes user input here.

Thanks.

Not entirely sure what you mean by secure here. Your script is just sending an email. The content of the fields will be what the user filled in. It could be a link to a virus, crap, spam or real content. Not easy to say, really. Not much to do with it either.

Sanitizing is much more important once databases are in use.
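
One way to build the same message defensively, as an added example that is not part of the original question or answer. It goes slightly beyond the post by also showing the check a user-supplied address would need if it were ever placed in a header; the function names and sample values are assumptions, while the addresses and labels come from the question's snippet.

```php
<?php
// Added example, not the poster's code. FILTER_SANITIZE_STRING is deprecated
// as of PHP 8.1, so the cleaning is done explicitly here.

/** Clean one user-supplied value for a plain-text mail body. */
function clean_field(string $value, bool $multiline = false): string
{
    // Normalise every newline style to "\n" first.
    $value = str_replace(["\r\n", "\r"], "\n", $value);
    // Strip control characters, keeping tab (and newline for textareas).
    $keep = $multiline ? '\t\n' : '\t';
    $value = preg_replace('/[^\P{Cc}' . $keep . ']/u', '', $value) ?? '';
    return trim($value);
}

/** Build the report body; $multiline lists labels that come from textareas. */
function build_body(array $fields, array $multiline = []): string
{
    $lines = [];
    foreach ($fields as $label => $value) {
        $text = clean_field((string) $value, in_array($label, $multiline, true));
        $lines[] = $label . ":\t" . $text;
    }
    // The PHP manual asks for CRLF line endings and lines of at most 70 chars.
    $body = wordwrap(implode("\n", $lines), 70, "\n", true);
    return str_replace("\n", "\r\n", $body);
}

/** Header for a user-supplied address, or null if it is not safe to use. */
function reply_to_header(string $userEmail): ?string
{
    // A header value must be one valid address with no CR or LF in it.
    if (preg_match('/[\r\n]/', $userEmail)
        || filter_var($userEmail, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return 'Reply-To: ' . $userEmail;
}

// Constructed sample input standing in for the form's $_POST values.
$fields = [
    'Contact Name' => "Alice\r\nExample",         // single-line field
    'Website'      => 'https://example.com',
    'field1'       => "first line\nsecond line",  // textarea
];
$headers = "From: submissions@mywebsite.com\r\nContent-Type: text/plain; charset=UTF-8";
$body = build_body($fields, ['field1']);
// To send: mail('me@mywebsite.com', 'Submission', $body, $headers);
echo $body, "\r\n";
var_dump(reply_to_header("a@example.com\r\nBcc: x@example.com"));
```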
