Question on php, sanitize, security, email – How do I sanitize user input in PHP before sending mail?

44


<?php
$to = "[email protected]";

$name = $_POST['name'];
$message = $_POST['message'];
$email = $_POST['email'];

$body  =  "Person $name submitted a message: $message";
$subject = "A message has been submitted";

$headers = 'From: ' . $email;

mail($to, $subject, $body, $headers);

header("Location: http://example.com/thanks");
?>



5 answers
12


$email = filter_var($email, FILTER_SANITIZE_EMAIL);

$subject = str_replace(array("\r","\n"),array(" "," "),$subject);
48

filter_var().

echo filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
0

artlung

// define some mail() header parts and commonly used spam code to filter using preg_match
$match = "/(from\:|to\:|bcc\:|cc\:|content\-type\:|mime\-version\:|subject\:|x\-mailer\:|reply\-to\:|\%0a|\%0b)/i";

// check whether any field's value contains one or more of the patterns above
if (preg_match($match, $name) || preg_match($match, $message) || preg_match($match, $email)) {

    // I use ajax, so I echo the string below and the js file checks whether the email failed to send
    echo "failed";

    // If you are not using ajax, you can redirect with the php header function, i.e.: header("Location: http://example.com/anypage/");

    // stop the script before it reaches or executes the mail function
    die();

}


4


function isEmail($email) {
    return preg_match('|^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]{2,})+$|i', $email);
}

if (isset($_POST['email']) && isEmail($_POST['email'])) {
    $email = $_POST['email'];
} else {
    // you could halt execution here, set $email to a default email address,
    // display an error, redirect, or some combination of these
}


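As an added example that is not part of the question or any of the answers above, here is a hardened version of the question's handler that applies what the answers recommend: the address is validated (not merely sanitized), CR/LF is stripped from anything that lands in a header, the From header stays under the site's control, and the request is refused when validation fails. The mailbox addresses and field names are placeholders assumed for the example.

```php
<?php
// Added example, not code from the original page. The question's handler builds
// "From: " . $_POST['email'] directly, so a CR/LF in the address lets a sender
// append arbitrary headers (Bcc:, Content-Type:, ...). This version closes that.
declare(strict_types=1);

// Validate instead of sanitize: FILTER_VALIDATE_EMAIL accepts only a single
// well-formed address, so anything carrying CR/LF or extra text is rejected.
function validEmail(string $email): ?string
{
    $email = trim($email);
    return filter_var($email, FILTER_VALIDATE_EMAIL) === false ? null : $email;
}

// Header values must be one line: replace CR, LF and NUL, then bound the length.
function headerSafe(string $value, int $maxLen = 100): string
{
    $value = preg_replace('/[\r\n\x00]+/', ' ', $value) ?? '';
    return substr(trim($value), 0, $maxLen);
}

// Returns the mail() arguments, or null when the submission must be refused.
function buildMail(array $post): ?array
{
    $email = validEmail((string)($post['email'] ?? ''));
    if ($email === null) {
        return null;                       // refuse rather than send a forged header
    }
    $name    = headerSafe((string)($post['name'] ?? ''));
    $message = (string)($post['message'] ?? '');

    return [
        'to'      => 'contact@example.com',                 // constant, never user-controlled
        'subject' => 'A message has been submitted',        // constant, so no CR/LF can enter
        'body'    => "Person $name submitted a message:\n$message",
        // Our own address goes in From (keeps SPF/DKIM alignment); the sender in Reply-To.
        'headers' => "From: Contact form <contact@example.com>\r\n"
                   . "Reply-To: $name <$email>",
    ];
}

// Constructed inputs: the injection attempt fails validation and is refused,
// the ordinary submission is accepted with the CR/LF removed from the name.
$forged = buildMail(['email' => "a@example.org\r\nBcc: x@example.net", 'name' => 'A', 'message' => 'hi']);
$good   = buildMail(['email' => 'ann@example.org', 'name' => "Ann\r\nX: y", 'message' => 'hello']);
var_dump($forged === null, $good['headers']);
// In production: if (($m = buildMail($_POST)) === null) { http_response_code(400); exit; }
// mail($m['to'], $m['subject'], $m['body'], $m['headers']);
```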
