dongyun65343 2012-09-07 21:32
Viewed 96 times
Accepted answer

PHP mail(): removing CC/BCC and security

I'm new to stackoverflow and couldn't find an answer to my question, which is: how do I secure my mail() code in PHP to prevent people from adding bcc, which would ultimately result in mass mailing? My website uses the PHP mail() service to email me when a new comment has been entered in my site. What is the best way to prevent people tampering with it, such as removing the bcc? What I have so far is:

// Undo magic_quotes if enabled, then apply MySQL string escaping
function mres($input) {
    if (get_magic_quotes_gpc()) {
        $input = stripslashes($input);
    }
    return mysql_real_escape_string($input);
}

// Form fields: HTML tags stripped, then escaped
$name    = strip_tags(mres($_POST['name']));
$comment = strip_tags(mres($_POST['comment']));

$to      = 'myself@gmail.com';
$subject = 'Website - comment';
$body    = 'A new comment has been entered on the website.' . "\n\n"
         . $name . ' said:         ' . "\n\n"
         . $comment;

mail($to, $subject, $body);

2 answers

  • dongyu5482 2012-09-07 21:48

    Assuming that this code is followed by:

    mail($to, $subject, $body);
    

    Then it's safe, if overkill -- the only arguments to mail() which are vulnerable to injection are the ones that control header fields ($to, $subject, and $additional_headers). strip_tags and mysql_real_escape_string are both unnecessary, and the latter will make apostrophes show up as \' in your email.

    If there's no following call to mail(), then it's trivially safe, because it doesn't do anything. :)

    This answer was selected by the asker as the best answer.
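To make the point of the accepted answer concrete, here is an added example (not code from the asker or the answerer) of the same comment notification with the checks placed where they matter: on the values that end up in message headers. It goes one step beyond the original form by assuming an optional `$replyTo` field, since a user-supplied address written into `$additional_headers` is the usual place where a `Bcc:` line gets smuggled in. The function names, the `X-Mailer` header and the sample inputs are assumptions for this example.

```php
<?php
// Added example, not code from the question or the answer above.
// Only $to, $subject and $additional_headers reach the message headers,
// so those are the values that must be checked for injected line breaks.
// The body is plain text and needs no escaping (mysql_real_escape_string()
// is for SQL and would turn ' into \' in the email).
declare(strict_types=1);

/** True when a value could break out of its header line (CR, LF or NUL). */
function containsHeaderInjection(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/** A single, syntactically valid address and nothing more. */
function isSafeAddress(string $address): bool
{
    return !containsHeaderInjection($address)
        && filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
}

/**
 * Build the four mail() arguments from form input.
 * $replyTo is an assumed optional field (not in the original form) that shows
 * how a user-supplied value destined for a header has to be validated.
 * Returns null if any header-bound value is unsafe, so the caller sends nothing.
 */
function buildCommentNotification(string $to, string $name, string $comment, ?string $replyTo = null): ?array
{
    if (!isSafeAddress($to)) {
        return null;
    }

    // Fixed subject: user input never reaches a header line.
    $subject = 'Website - comment';

    $headers = ['X-Mailer: PHP/' . PHP_VERSION];
    if ($replyTo !== null && $replyTo !== '') {
        // A value like "a@b.com\r\nBcc: x@y.com" fails here and aborts the send.
        if (!isSafeAddress($replyTo)) {
            return null;
        }
        $headers[] = 'Reply-To: ' . $replyTo;
    }

    // Body: free text, so line breaks are harmless. Normalise them so the
    // message does not mix \r\n and \n.
    $comment = str_replace(["\r\n", "\r"], "\n", $comment);
    $body = "A new comment has been entered on the website.\n\n"
          . $name . " said:\n\n"
          . $comment;

    return [
        'to'      => $to,
        'subject' => $subject,
        'body'    => $body,
        'headers' => implode("\r\n", $headers),
    ];
}

// Constructed inputs: a normal comment and one that tries to smuggle a Bcc
// header through the reply-to field.
$ok  = buildCommentNotification('myself@gmail.com', 'Alice', "Nice site, isn't it?", 'alice@example.com');
$bad = buildCommentNotification('myself@gmail.com', 'Mallory', 'hi',
    "mallory@example.com\r\nBcc: victim1@example.com, victim2@example.com");

echo $ok !== null ? "clean input: would send\n" : "clean input: rejected\n";
echo $bad === null ? "injected header: rejected\n" : "injected header: would send\n";

// Real send, left disabled in this example:
// mail($ok['to'], $ok['subject'], $ok['body'], $ok['headers']);
```

The design choice is to reject rather than strip: a value containing CR/LF in a header field is never a legitimate address, and silently cleaning it hides the attempt from whoever reads the logs. Note that `strip_tags()` is also left out; the message is plain text, so tags in the comment are just characters and do nothing.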
