PHP input sanitizer function?

What's a method to sanitize PHP POST data for passing to a mail function? (I prefer a method that's not part of the mysql_function() family of functions.)

I take the data, sanitize it, print it back to the user and send it in an email to a preset address.

EDIT: I'm just sending the email to our email address so we can send out a mailing to the address in the email.

Answers


Since you're printing it back to the user, you need to escape any HTML content.

strip_tags() and html_special_chars() are quite useful in filtering the message content, especially if you're using html messages.

See also: How to sanitze user input in PHP before mailing? which mentions doing a find & replace on newlines that could allow injecting content into the mail headers. As you're using a pre-set mail address the risk is reduced, but the subject field is still vulnerable.


Have you looked at the filter functions e.g http://www.php.net/manual/en/function.filter-var.php


Sanitizing for an e-mail would be equivalent to sanitizing for HTML output. I see some suggestions on SO for HTML Purifier.


Need Your Help

Perl Search Directory and Copy all Results to Home

regex perl file

I'm looking to automate a menial process using Perl, but am not too familiar with regular expressions and such...

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.