There is a weakness in the PHP e-mail script in the previous chapter.
First, look at the PHP code from the previous chapter:
The problem with the code above is that unauthorized users can insert data into the mail headers
via the input form.
What happens if the user adds the following text to the email input field in the form?
The mail() function puts the text above into the mail headers as usual, and now the header has an
extra Cc:, Bcc:, and To: field. When the user clicks the submit button, the e-mail will be sent
to all of the addresses above
The best way to stop e-mail injections is to validate the input.
The code below is the same as in the previous chapter, but now we have added an input validator
that checks the email field in the form:
In the code above we use PHP filters to validate input:
You can read more about filters in our PHP Filter chapter.
Your Query was successfully sent!