dqy012345 2013-12-09 15:12
浏览 44
已采纳

在HTML5 + JS + PHP中设计发送到电子邮件的表单时,有哪些好的安全预防措施? [关闭]

I'm creating a form on my website which sends an e-mail to me containing the text that the user inputs, they don't need to sign in or anything.

Some questions:

  1. Should I store information in global session variables or pass them to another page using POST which will then send a mail?
  2. Do I perform form validation using PHP, JS or both? If so, what should I look out for?
  3. There is an option for a user to upload a PHP document. How do I make sure they can't send me viruses etc. in that document?

Thanks in advance!

  • 写回答

1条回答 默认 最新

  • dongmei8511 2013-12-09 15:24
    关注
    1. You can use session but a simple post should work fine.
    2. Validation is a step that you should never forget, for example you should always validate if user email address is in proper format or not, validate address or phone number in input form if exist. You should validate message sent, it depends whether you should allow formatting or plain text in that case you might want to strip tags.
    3. You should validate files based on their extensions and deny all executable files.
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥50 求解vmware的网络模式问题
  • ¥24 EFS加密后,在同一台电脑解密出错,证书界面找不到对应指纹的证书,未备份证书,求在原电脑解密的方法,可行即采纳
  • ¥15 springboot 3.0 实现Security 6.x版本集成
  • ¥15 PHP-8.1 镜像无法用dockerfile里的CMD命令启动 只能进入容器启动,如何解决?(操作系统-ubuntu)
  • ¥30 请帮我解决一下下面六个代码
  • ¥15 关于资源监视工具的e-care有知道的嘛
  • ¥35 MIMO天线稀疏阵列排布问题
  • ¥60 用visual studio编写程序,利用间接平差求解水准网
  • ¥15 Llama如何调用shell或者Python
  • ¥20 谁能帮我挨个解读这个php语言编的代码什么意思?