Reputation: 58107
PHP input sanitizer function?
What's a method to sanitize PHP POST data for passing to a mail function? (I prefer a method that's not part of the mysql_function() family of functions.)
I take the data, sanitize it, print it back to the user and send it in an email to a preset address.
EDIT: I'm just sending the email to our email address so we can send out a mailing to the address in the email.
Upvotes: 0
Views: 527
Answers (3)
Reputation: 3871
Have you looked at the filter functions e.g http://www.php.net/manual/en/function.filter-var.php
Upvotes: 1
Reputation: 551
Since you're printing it back to the user, you need to escape any HTML content.
strip_tags()
and
html_special_chars() are quite useful in filtering the message content, especially if you're using html messages.
See also:
How to sanitze user input in PHP before mailing?
which mentions doing a find & replace on newlines that could allow injecting content into the mail headers.
As you're using a pre-set mail address the risk is reduced, but the subject field is still vulnerable.
Upvotes: 0
Reputation: 44386
Sanitizing for an e-mail would be equivalent to sanitizing for HTML output. I see some suggestions on SO for HTML Purifier.
Upvotes: 0
Related Questions
- How can I sanitize user input with PHP?
- PHP input sanitizer?
- Sanitizing HTML input
- What is the real way to sanitize user input and output safely and conveniently
- Sanitize User Input via PHP
- Sanitizing user input, is it safe?
- PHP sanitisation for user input
- security preference in php, php functions to sanitize input
- PHP: Advice regarding how user input is "immunized"
- PHP - Sanitize all data?