duanleiliu7373 2012-08-23 09:19
22 views
Accepted

Making a form-handling script more secure

What are some steps I can use to make this more secure?

```php
<?php
$formcontent = ''; // initialised here; the script as posted appended to an undefined variable
// Every POST field, whatever its name, is copied straight into the message body
foreach ($_POST as $field => $value) {
    $formcontent .= "$field: $value\n";
}
$formcontent .= 'User-Agent: ' . $_SERVER['HTTP_USER_AGENT'];

$recipient = "****.***y@***********.co.uk";
$subject = "Event feedback form";
$mailheader = "From: web.form@**********.co.uk\n";
$mailheader .= "Reply-To: $email\n"; // $email is never assigned anywhere in the script as posted
$mailheader .= "MIME-Version: 1.0\n";

mail($recipient, $subject, $formcontent, $mailheader) or die("Failure!");
header("location:http://www.**********.co.uk"); // no exit after the redirect header, so execution continues
?>
```

3 answers

  • duanou1904 2012-08-23 09:23

    You may want to apply htmlentities to $value to prevent cross site scripting.

    $formcontent .= "$field: " . htmlentities($value) . "\n";

    Otherwise, it's okay, as your values don't go into DB.

    This answer was chosen as the best answer by the asker.
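A hardened version of the handler, added here as an example (it is neither the asker's script nor the answerer's suggestion). The weak point in the posted script is the `Reply-To: $email` header: a submitted value containing CR/LF would start extra mail headers, and every `$_POST` key is copied into the body regardless of what the form was meant to send. The example below allowlists the expected fields, rejects CR/LF in any value, only sets `Reply-To` when the address passes `filter_var`, and redirects to a fixed URL with an `exit`. Field names, the sender and recipient addresses, and the redirect URL are placeholders.

```php
<?php
// Added example, not from the question or the accepted answer.
// Field names, addresses and the redirect URL are placeholders.
declare(strict_types=1);

// Allowlist: only the fields the form is known to send are read from $_POST.
const ALLOWED_FIELDS = ['name', 'email', 'comments'];
const RECIPIENT      = 'feedback@example.com';          // placeholder
const SENDER         = 'web.form@example.com';          // placeholder
const REDIRECT_URL   = 'https://www.example.com/thanks'; // placeholder
const MAX_FIELD_LEN  = 2000;

// A CR or LF inside a value could terminate the current line and begin a new
// one; for header values that is mail header injection. Such values are dropped.
function cleanField(string $value, int $maxLen = MAX_FIELD_LEN): string
{
    if (preg_match('/[\r\n]/', $value) === 1) {
        return '';
    }
    return substr(trim($value), 0, $maxLen);
}

// Build the plain-text body from allowlisted fields only.
function buildBody(array $post, string $userAgent): string
{
    $lines = [];
    foreach (ALLOWED_FIELDS as $field) {
        $raw = isset($post[$field]) && is_string($post[$field]) ? $post[$field] : '';
        $lines[] = $field . ': ' . cleanField($raw);
    }
    $lines[] = 'User-Agent: ' . cleanField($userAgent, 300);
    return implode("\r\n", $lines) . "\r\n";
}

// Reply-To is emitted only for a syntactically valid address; FILTER_VALIDATE_EMAIL
// rejects whitespace and control characters, so no CRLF can reach the header block.
function buildHeaders(?string $email): string
{
    $headers  = 'From: ' . SENDER . "\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/plain; charset=UTF-8\r\n";
    if ($email !== null && filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
        $headers .= 'Reply-To: ' . $email . "\r\n";
    }
    return $headers;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit;
}

$email   = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : null;
$body    = buildBody($_POST, (string) ($_SERVER['HTTP_USER_AGENT'] ?? ''));
$headers = buildHeaders($email);

if (!mail(RECIPIENT, 'Event feedback form', $body, $headers)) {
    http_response_code(500);
    exit('Failure!');
}

// Fixed redirect target, followed by exit so nothing runs after the header is sent.
header('Location: ' . REDIRECT_URL, true, 303);
exit;
```

Because the message is sent as `text/plain`, `htmlentities()` is not needed for the body; it would matter only if the mail were rendered as HTML. The checks that actually close the hole are the CR/LF rejection and the `filter_var` validation before the value is placed in a header.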