我已经终于得到这个PHP电子邮件脚本工作(没有在本地主机上工作...),但我担心的是,这是不安全的。这是一个安全的PHP邮件功能吗?
所以 - 这是安全的垃圾邮件和任何其他安全缺陷,我不知道?
<?php
$email = '[email protected]';
$subject = 'Notify about stuff';
$notify = $_REQUEST['email'];
if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $notify)) {
echo "<h4>Your email address doesn't validate, please check that you typed it correct.</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
}
elseif(mail($email, $subject, $notify)) {
echo "<h4>Thank you, you will be notified.</h4>";
} else {
echo "<h4>Sorry, your email didn't get registered.</h4>";
}
?>
无关:是否有PHP函数可以用来代替javascript:history.back(1)
?
编辑:使用filter代替正则表达式
<?php
$email = '[email protected]';
$subject = 'Notify about stuff';
$notify = $_REQUEST['email'];
if (!filter_var($notify, FILTER_VALIDATE_EMAIL)) {
echo "<h4>This email address ($notify) is not considered valid, please check that you typed it correct.</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
}
elseif(mail($email, $subject, $notify)) {
echo "<h4>Thank you, you will be notified.</h4>";
} else {
echo "<h4>Sorry, your email didn't get registered.</h4>";
}
?>
+1为过滤器。太好了! – Cam 2010-05-26 04:53:00
+1用于过滤器,不信任引荐者!或者使用上面提到的会话,或者重定向到用户应该来自的地方。 – 2010-05-26 04:59:11
谢谢,不知道过滤器。我已更新原始帖子。 – Eystein 2010-05-26 07:55:01