Research I have done for this question and links:
How do you send console messages and errors to alert?
jQuery AJAX form using mail() PHP script sends email, but POST data from HTML form is undefined
The code example:
function handleError(evt) {
if (evt.message) { // Chrome sometimes provides this
$.ajax({
type: "POST",
url: "email.php",
data: evt.message,
success: function(){
$('.success').fadeIn(1000);
}
});
} else {
$.ajax({
type: "POST",
url: "email.php",
data: evt.type,
success: function(){
$('.success').fadeIn(1000);
}
});
}
}
Question) What type of validation is required in "email.php" to be sure that the emails aren't malicious (to the extent that this is possible) IE: is there a vulnerability that you are exposing yourself to with this function. If there is a built in mechanism for changing the location of error logs in javascript, that too would answer this question.
I assume you're sending it to a known email address so checking the email isn't required?
filter_var($email, FILTER_VALIDATE_EMAIL)
Then clean the data to be sent from anything that makes your email stop from functioning properly.
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return str_replace($bad,"",$string);
}
$data = clean_string($data);
After that strip the html tags to prevent html from being sent(prevents javascript from being sent as example).
$data = strip_tags($data);
The data should be safe to send in a email now keep in mind the data is not safe yet to be sent to a sql database, if you do sent it to a databse use prepared statements so the data can't do any sql injections.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.