Andriy Kravchenko
Reputation: 11
Cleaning user input before sending it in mail
I am using PHPMailer class to send mails. Some mails contain user input. Should I clean user input before inserting it to mail body? How to do this?
Tried to google for it but haven't fount anything useful.
Upvotes: 1
Views: 542
Answers (2)
Michael Irigoyen
Reputation: 22947
Sanitation is always key when handling user input.
- You can use
strip_tagsto limit the HTML tags they're allowed to use, if any. htmlspecialcharswill properly change things like<into<so they can't be evaluated as HTML.- If inserting content into a database, use the proper escape function:
- PostgreSQL -
pg_escape_string - mySQL -
mysql_real_escape_string
- PostgreSQL -
Upvotes: 0
Steve Nguyen
Reputation: 5974
Yes, you should ALWAYS sanitize/clean user input to prevent code or SQL injections.
Upvotes: 3
Related Questions
- PHP data sanitization in emails
- User inputs, clean and sanitize before sending to db
- How should I clean user input if I am not writing to a databse?
- How to sanitze user input in PHP before mailing?
- Do I need to sanitize user-inputted data, before sending it in an email
- Sanitise or validate email php
- PHP sanitisation for user input
- Right way to process form text for sending email in PHP
- Sanitizing user input that will later be e-mailed - what should I be worried about?
- php Form to Email sanitizing