I am using PHPMailer class to send mails. Some mails contain user input. Should I clean user input before inserting it to mail body
? How to do this?
Tried to google for it but haven't fount anything useful.
是的,您应该ALWAYS
清理/清除用户输入,以防止代码或SQL注入。
Sanitation is always key when handling user input.
strip_tags
to limit the HTML tags they're allowed to use, if any. htmlspecialchars
will properly change things like <
into <
so they can't be evaluated as HTML. pg_escape_string
mysql_real_escape_string
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.