Sunday, 15 February 2015

php - secure email form, header injection query -


I am using the following to clean the input from my contact form:

 < Code> & lt; Php $ name = tab_tags (strips slash ($ _ POST ['name'])); // It is repeated for many other areas, then: if (Injected ($ name)) is {dead}; } / * See * / // Mail below the INTEXED function? & Gt;  

I am using this function:

  & lt ;? Php / * function from http://phpsense.com/php/php-mail to Html (/ str +), '(\ t +)', '(% 0A +)', '(% 0D +)' 'Html' / function isjected ($ str) {$ injection = array ('(\ n +)', '(\ r +)', '' (% 08 +) ',' (% 09 +) '); $ Inject = addition ('|', $ injection); $ Inject = "/ $ injection"; If (preg_match ($ inject, $ str)) {return true; } Other {return false; }}? & Gt;  

Is it enough to clean up my contact form?

Thank you.

It seems that civilization and average is better than inputvalidation. Personally I also like to handle the input type. In my base controller I have a valid date of input, email address etc. If you add such validation for your current verification, then you are managing IMO well.


No comments:

Post a Comment