以PHP联系表单阻止电子邮件注入

时间:2015-07-21 14:46:55

标签: php forms email sanitize filter-var

抱歉,我没有受过任何编程教育,也不熟悉PHP。我想确保我的基本联系表格是安全的,不能被劫持。我有一个HTML表单,将数据提交到以下PHP邮件脚本。如果我将第4行更改为$field_email = filter_var($_POST['or_email'], FILTER_VALIDATE_EMAIL);,那么这会阻止注射。我应该做出哪些其他安全方面的改变?

<?php
$field_name = $_POST['or_name'];
$field_company = $_POST['or_company'];
$field_email = $_POST['or_email'];
$field_tel = $_POST['or_tel'];
$field_package = $_POST['or_package'];
$field_details = $_POST['or_details'];

$mail_to = 'email@email.com'; //Change to your email
$subject = 'Enquiry from '.$field_name.' ('.$field_company.')'; //Change to your subject

$body_message = 'From: '.$field_name."\n";
$body_message .= 'Company: '.$field_company."\n";
$body_message .= 'E-mail: '.$field_email."\n";
$body_message .= 'Phone: '.$field_tel."\n";
$body_message .= 'Package: '.$field_package."\n";
$body_message .= 'Details: '.$field_details;

$headers = 'From: '.$field_email."\r\n";
$headers .= 'Reply-To: '.$field_email."\r\n";

mail($mail_to, $subject, $body_message, $headers);
?>

亲切的问候,

迈克尔

0 个答案:

没有答案