BryantA Posted June 28, 2012 Share Posted June 28, 2012 Hi, I'm very new to PHP so I'm not sure if this is right but I'm trying to find out if the code below is safe from email injections. I intentionally left out the request for an email because it's not needed for my purpose but I'm not sure if I'm safe. Help please! This is the HTML <form method="post" action="contact.php"> Sugesstion:<br> <input type="text" name="message" rows="15" cols="40"> <input value="Submit" type="submit"> </form> This is the PHP <?php $to = "[email protected]"; $subject = "Suggestion"; $message = $_REQUEST['message'] ; $sent = mail($to, $subject, $message) ; if($sent) {print "Your mail was sent successfully"; } else {print "We encountered an error sending your suggestion"; } ?> Quote Link to comment https://forums.phpfreaks.com/topic/264912-email-injections/ Share on other sites More sharing options...
ElCidNebunel Posted June 28, 2012 Share Posted June 28, 2012 You could use a condition : if(filter_var($email,FILTER_VALIDATE_EMAIL) { // do stuff; } else { // treat the error; } Quote Link to comment https://forums.phpfreaks.com/topic/264912-email-injections/#findComment-1357627 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.