BryantA Posted June 28, 2012 Share Posted June 28, 2012 Hi, I'm very new to PHP so I'm not sure if this is right but I'm trying to find out if the code below is safe from email injections. I intentionally left out the request for an email because it's not needed for my purpose but I'm not sure if I'm safe. Help please! This is the HTML <form method="post" action="contact.php"> Sugesstion:<br> <input type="text" name="message" rows="15" cols="40"> <input value="Submit" type="submit"> </form> This is the PHP <?php $to = "[email protected]"; $subject = "Suggestion"; $message = $_REQUEST['message'] ; $sent = mail($to, $subject, $message) ; if($sent) {print "Your mail was sent successfully"; } else {print "We encountered an error sending your suggestion"; } ?> Link to comment https://forums.phpfreaks.com/topic/264912-email-injections/ Share on other sites More sharing options...
ElCidNebunel Posted June 28, 2012 Share Posted June 28, 2012 You could use a condition : if(filter_var($email,FILTER_VALIDATE_EMAIL) { // do stuff; } else { // treat the error; } Link to comment https://forums.phpfreaks.com/topic/264912-email-injections/#findComment-1357627 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.