MmmVomit Posted June 12, 2008

I'm putting together a simple HTML form with a PHP back end. The user-submitted data will be compiled and sent as an email to a hard-coded email address. One mantra I've learned for programming secure applications is "filter input, escape output". In this case, my output is an email message. Is there any type of escaping I need to worry about when compiling the email? Are there other security concerns I need to be aware of when sending an email using PHP? I'll be using the mail function.
rhodesa Posted June 12, 2008

Nope, you should be fine, especially if you are sending a plain-text email. Pretty much every email client already handles the blocking of malicious code anyways.
MmmVomit Posted June 12, 2008

Perfect. Thank you. I've got the PHP security book by Chris Shiflett. He doesn't mention email anywhere in the book, which made me think it wouldn't be a big concern.
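"Filter input, escape output" applied to a form handler that calls mail(), as an added example that is not part of the original thread: the recipient stays hard-coded, any form value placed on a header line is rejected if it contains a line break, and the body is reduced to plain text. The addresses, form field names and function names are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Addresses and field names are assumptions.
const RECIPIENT = 'owner@example.com';   // hard-coded; never read from the form
const SENDER    = 'webform@example.com'; // fixed From address for the site

// A value that will sit on a header line must not contain CR, LF or NUL.
function header_safe(string $value): string
{
    if (preg_match('/[\r\n\0]/', $value) === 1) {
        throw new InvalidArgumentException('line break in header value');
    }
    return trim($value);
}

// Filter the form input and return [subject, body, headers] for mail().
function build_message(array $form): array
{
    $email = filter_var(header_safe((string)($form['email'] ?? '')), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    // The body is plain text: strip control characters, use CRLF, wrap at 70 columns.
    $raw  = 'Name: ' . ($form['name'] ?? '') . "\n\n" . ($form['message'] ?? '');
    $raw  = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $raw);
    $body = wordwrap(preg_replace('/\r\n|\r|\n/', "\r\n", $raw), 70, "\r\n");
    $headers = ['From' => SENDER, 'Reply-To' => $email, 'Content-Type' => 'text/plain; charset=UTF-8'];
    return ['Website contact form', $body, $headers];
}

function send_form(array $form): bool
{
    [$subject, $body, $headers] = build_message($form);
    return mail(RECIPIENT, $subject, $body, $headers); // array headers need PHP >= 7.2
}

// Constructed sample submissions; the second has a line break in the e-mail field.
$samples = [
    ['name' => 'Ann', 'email' => 'ann@example.org', 'message' => "Hello\nthere"],
    ['name' => 'Bob', 'email' => "bob@example.org\r\nX-Extra: 1", 'message' => 'Hi'],
];
foreach ($samples as $form) {
    try {
        [, , $headers] = build_message($form);
        echo 'accepted, Reply-To: ', $headers['Reply-To'], PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The demo loop only builds the messages; `send_form()` is the call a real handler would make once validation passes.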