Cleaning user input before sending it in mail
Question
I am using PHPMailer class to send mails. Some mails contain user input. Should I clean user input before inserting it to mail body ? How to do this?
Tried to google for it but haven't fount anything useful.
2 answers
solution1
3 2011-06-24 16:32:41
是的,您应该ALWAYS清理/清除用户输入,以防止代码或SQL注入。
solution2
0 2011-06-24 16:42:40
Sanitation is always key when handling user input.
- You can use
strip_tagsto limit the HTML tags they're allowed to use, if any. -
htmlspecialcharswill properly change things like<into<so they can't be evaluated as HTML. - If inserting content into a database, use the proper escape function:
- PostgreSQL -
pg_escape_string - mySQL -
mysql_real_escape_string
- PostgreSQL -
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Sending verification mail before registering user - PHP
Filtering of user input before sending per email
How to send response to user before sending mail in php
php mail() sending mail before form is filled
How do I display the user's name before the their email address when sending PHP mail?
PHPmailer : Showing a weird text before sending a mail?
Sending mail before changing header location
How to change mail configuration before sending a mail in the controller using Laravel?
On click on every input field mail is sending
Rename file before sending to user?
Related Tags