
DreamInCode.com:
Preventing PHP Mail(...) Header Injections
April 22, 2011 @ 11:06:23

On the Dream In Code forums there's a recent post showing you how to prevent mail() header injections when taking user input, like from a form.

PHP's mail() function is a very useful and powerful function, even to the point that it is very easy to exploit. A way hackers exploit this function is a method called email header injection. [...] I'm sure most of you can already tell that's not going to be pretty since we didn't check the user input and so forth. PHP provides us with functions such as filter_var which will validate user input and either return false if the validation fails or return the filtered data.

He includes an example of using these filtering methods to check the user input for malicious content: validating that the "to" address is a valid email (FILTER_VALIDATE_EMAIL) and a sanitize() method that removes things like newlines, carriage returns and a few other characters.
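
The approach the post describes, as an added example that is not code from the Dream In Code tutorial: address fields are validated with filter_var and FILTER_VALIDATE_EMAIL, and free-text header values have their line breaks removed before anything reaches mail(). The function names, form field names and sample submissions are assumptions made for illustration.

```php
<?php
// Added example, not the tutorial's code. Function names are hypothetical.

// Strip the characters that end one header line and begin another.
function sanitize_header_value(string $value): string
{
    return trim(str_replace(["\r", "\n", "\0"], '', $value));
}

// Return the address if it is a single valid mailbox, otherwise null.
function valid_address(string $value): ?string
{
    // Explicit line-break check first, so the result does not depend on
    // how the e-mail filter treats embedded control characters.
    if (preg_match('/[\r\n\0]/', $value)) {
        return null;
    }
    $checked = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $checked === false ? null : $checked;
}

// Build the argument list for mail(), or null if the form must be rejected.
function build_mail_args(array $form): ?array
{
    $to      = valid_address((string)($form['to'] ?? ''));
    $from    = valid_address((string)($form['from'] ?? ''));
    $subject = sanitize_header_value((string)($form['subject'] ?? ''));
    if ($to === null || $from === null || $subject === '') {
        return null;
    }
    // Array headers (PHP 7.2+) avoid hand-built "Name: value\r\n" strings.
    $headers = ['From' => $from, 'Reply-To' => $from];
    return [$to, $subject, (string)($form['message'] ?? ''), $headers];
}

// Constructed sample submissions (not real data).
$clean = ['to' => 'alice@example.com', 'from' => 'bob@example.com',
          'subject' => 'Hello', 'message' => 'Hi Alice'];
$badAddress = $clean;
$badAddress['from'] = "bob@example.com\r\nBcc: list@example.net";
$badSubject = $clean;
$badSubject['subject'] = "Hello\r\nBcc: list@example.net";

var_dump(build_mail_args($clean) !== null);   // well-formed submission
var_dump(build_mail_args($badAddress));       // line break inside an address field
var_dump(build_mail_args($badSubject)[1]);    // line break inside the subject
```

Addresses are rejected outright rather than repaired, while the subject is cleaned and kept; the returned array can be passed to mail() with the spread operator once it is non-null.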


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework