HartleySan Posted August 1, 2011

I have a form whose data is sent to an email address via the PHP mail() function. Obviously, when data is going into a database, the data needs to be carefully filtered using regexes, mysqli_real_escape_string, etc., but for data being sent to an email address, none of that seems essential. If anything, a decent spam filter that stops bots seems sufficient. And to that end, does anyone have any good advice on how to handle potential bots, etc.?

Anyway, my main question is this: To what level should I be filtering form data being sent to an email address? Thank you.

Jonathon Posted August 1, 2011

I would think that as long as you stop the potential to abuse bcc, cc, etc., you should be fine. Basically the scrubber in Larry's book. It would be hard to do anything else regarding the actual input, in my opinion.

HartleySan Posted August 1, 2011 (Author)

He has an email scrubber function in the PHP 6 & MySQL 5 book? I didn't even know. Thanks.

Jonathon Posted August 1, 2011

Yeah, I use it all the time.

Lou Posted August 1, 2011

Can't you just put a regular expression in a variable and check each input for that?

```php
// Header names that should never appear in user-supplied form input
$naughty = '/Content-Type:|Bcc:|Cc:/i';

// when checking user input
if (preg_match($naughty, $user_input)) {
    $error['input_name'] = 'Naughty...';
} else {
    $input = true;
}
```

HartleySan Posted August 2, 2011 (Author)

Certainly, a regex would work here. Good call, Lou. And I just looked at Larry's scrubber function last night, and it's essentially what you suggested, Lou, in non-regex form.
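
An added example, not code from any post above and not the scrubber from Larry's book: it answers the "to what level" question by treating header-bound fields and the message body differently. A value can only add a Bcc: or Cc: header if it contains a line break, so header-bound fields are rejected on CR/LF rather than on a list of header names. The function names, form field names and addresses are assumptions made for the illustration.

```php
<?php
// Added example: function names, field names and addresses are hypothetical.

// Return the trimmed value if it is safe inside a mail header, else null.
function header_safe($value): ?string
{
    // A new header can only start after a line break, so reject CR, LF
    // and NUL outright instead of blacklisting individual header names.
    if (!is_string($value) || preg_match('/[\r\n\0]/', $value)) {
        return null;
    }
    return trim($value);
}

// Validate a contact form; returns [errors, arguments for mail() or null].
function prepare_contact_mail(array $form): array
{
    $errors = [];

    $name = header_safe($form['name'] ?? '');
    if ($name === null || $name === '') {
        $errors['name'] = 'Invalid name';
    }

    $email = header_safe($form['email'] ?? '');
    if ($email === null || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Invalid email address';
    }

    // The body is not a header, so its line endings are only normalised.
    $message = is_string($form['message'] ?? null) ? $form['message'] : '';
    $body = preg_replace('/\r\n?|\n/', "\r\n", $message);

    if ($errors) {
        return [$errors, null];
    }
    // Recipient and From are fixed; the visitor's address is used only in Reply-To.
    $headers = "From: webform@example.com\r\nReply-To: $email";
    return [[], ['owner@example.com', "Contact form: $name", $body, $headers]];
}

// Constructed inputs: a normal submission and one with a header smuggled into a field.
$ok  = ['name' => 'Ann', 'email' => 'ann@example.com', 'message' => "Hi\nthere"];
$bad = ['name' => 'Ann', 'email' => "ann@example.com\r\nBcc: list@example.net", 'message' => 'Hi'];

var_dump(prepare_contact_mail($ok)[0]);
var_dump(prepare_contact_mail($bad)[0]);
```

When the error array is empty, the second element can be passed to mail() with the spread operator, `mail(...$args)`.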