PHP secure emails
In the PHP e-mail script in the previous section, there is a vulnerability.
Introduction to constants
· FILTER_SANITIZE_EMAIL: this filter removes illegal characters of an e-mail address from a string
· FILTER_VALIDATE_EMAIL: this filter validates the value of an e-mail address
PHP E-mail Injection
First of all, please look at the PHP code in the previous chapter: a form with Email, Subject and Message fields whose values are passed to the mail() function (the listing itself is not reproduced on this page).

Problems with the above code

Yes, unauthorized users can insert data into e-mail headers via the input form. What will happen if the user adds the following text to the e-mail address in the input box in the form?
someone@example.com%0ACc:person2@example.com%0ABcc:person3@example.com,person3@example.com,
anotherperson4@example.com,person5@example.com
%0ATo:person6@example.com
As always, the mail() function puts the above text into the e-mail header, so the header now has additional Cc:, Bcc: and To: fields. When the user clicks the submit button, this e-mail will be sent to all the addresses above!
PHP prevents e-mail injection
The best way to prevent e-mail injection is to validate the input. The following code is similar to the one in the previous chapter, but here we have added an input validation routine that checks the e-mail field in the form:
(The listing itself is not reproduced on this page: it is the same form with Email, Subject and Message fields, with the e-mail field passed through the validation check before mail() is called.)
In the above code, we used PHP filters to validate the input:
· FILTER_SANITIZE_EMAIL: this filter removes illegal characters of an e-mail address from the string
· FILTER_VALIDATE_EMAIL: this filter validates the value of the e-mail address
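The following script is an added example, not the page's code, showing both points above together: the injection string from the text is fed through the two filters and rejected, and the same no-line-break rule is applied to the subject field, which also ends up in a header. The function names (validated_email, header_safe) and the sample inputs are my own; the filter constants are PHP's.

```php
<?php
// Added example, not the page's own code: validate every form value that will
// end up in a mail header before mail() is called. The function names and the
// sample inputs below are my own; the filter constants are PHP's.
declare(strict_types=1);

/**
 * Returns the address if $value is a single well-formed e-mail address, or
 * false otherwise. FILTER_SANITIZE_EMAIL drops every character that cannot
 * occur in an address, including the newline that begins an injected header;
 * FILTER_VALIDATE_EMAIL then checks that what is left is still a valid address.
 */
function validated_email(string $value)
{
    $clean = filter_var($value, FILTER_SANITIZE_EMAIL);
    // If sanitising changed the value, the input held characters an address
    // never needs. Reject it instead of silently mailing an altered address.
    if ($clean !== $value) {
        return false;
    }
    return filter_var($clean, FILTER_VALIDATE_EMAIL);
}

/**
 * Other header-bound values (the subject, for instance) must contain no CR or
 * LF, since a line break is what starts a new header line.
 */
function header_safe(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 0;
}

// Constructed inputs: a normal address, and the injection string from the text
// above with its %0A sequences decoded to real newlines, as a browser submits it.
$addresses = [
    'normal'   => 'someone@example.com',
    'injected' => rawurldecode('someone@example.com%0ACc:person2@example.com%0ABcc:person3@example.com'),
];
foreach ($addresses as $label => $input) {
    $email = validated_email($input);
    echo $label, ': ', ($email === false ? 'rejected' : 'accepted as ' . $email), PHP_EOL;
}

// The same rule applied to a constructed subject line that carries a line break.
$subject = "Hello\r\nBcc: person6@example.com";
echo 'subject: ', (header_safe($subject) ? 'accepted' : 'rejected'), PHP_EOL;

// Only after every field has passed would mail() be called, for example:
// if ($email !== false && header_safe($subject)) {
//     mail($to, $subject, $message, "From: $email");
// }
```

Comparing the sanitised value with the original, rather than only validating the sanitised result, is a design choice: the filter would otherwise quietly strip the newline and colon out of an injection attempt, and the form should refuse such input and tell the user, not send mail to an address the user never typed.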
You can read more about filters in our PHP Filter chapter.