I have a simple PHP mailer script that takes values from a form submitted via POST and mails them to me:
<?php
$to = "[email protected]";
// Values taken straight from the POST body, unvalidated
$name = $_POST['name'];
$message = $_POST['message'];
$email = $_POST['email'];
$body = "Person $name submitted a message: $message";
$subject = "A message has been submitted";
// The From header is built directly from the submitted address
$headers = 'From: ' . $email;
mail($to, $subject, $body, $headers);
header("Location: http://example.com/thanks");
?>
How can I sanitize the input?
Sanitizing data means removing any illegal character from the data. Sanitizing user input is one of the most common tasks in a web application. To make this task easier, PHP provides a native filter extension that you can use to sanitize data such as e-mail addresses, URLs, IP addresses, etc.
User input should always be treated as malicious before it makes it down into the lower layers of your application. Always handle sanitizing input as soon as possible, and input should not for any reason be stored in your database before checking for malicious intent.
Sanitize the post variable with filter_var().
Example here. Like:
echo filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
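As an added example (not the asker's or the answerer's code), here is the mailer from the question rewritten so every field passes through the filter extension before it is used; the recipient and the fixed From address are placeholders, and the sanitize_line() helper is hypothetical.

```php
<?php
// Added example: the question's mailer with each POST field validated
// and sanitized before use. Placeholders: the recipient address and
// the fixed From address. sanitize_line() is a helper written for this
// example.

function sanitize_line(string $value, int $max = 200): string
{
    // Strip control characters (including CR and LF) so the value can
    // never span more than one line, then trim and cap the length.
    $clean = preg_replace('/[\x00-\x1F\x7F]/', '', $value) ?? '';
    return mb_substr(trim($clean), 0, $max);
}

$to      = "you@example.com";            // placeholder recipient
$subject = "A message has been submitted";

// FILTER_SANITIZE_EMAIL removes characters not allowed in an address;
// FILTER_VALIDATE_EMAIL then confirms that what is left really is one
// (it returns false for values containing line breaks or other junk).
$email = filter_var(
    filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL) ?? '',
    FILTER_VALIDATE_EMAIL
);
$name    = sanitize_line(filter_input(INPUT_POST, 'name') ?? '', 100);
$message = trim(filter_input(INPUT_POST, 'message') ?? '');

// Reject the submission instead of mailing partial or invalid data.
if ($email === false || $name === '' || $message === '') {
    http_response_code(400);
    exit('Invalid form submission.');
}

$body = "Person $name submitted a message:\n\n$message";

// Send from a fixed, trusted address and carry the visitor's validated
// address in Reply-To, so no header is built from raw user input.
$headers = "From: noreply@example.com\r\nReply-To: $email";

mail($to, $subject, $body, $headers);
header("Location: http://example.com/thanks");
exit;
```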