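I have finally gotten this PHP email script to work (it didn't work on localhost...), but my concern is that it isn't safe. Is this a secure PHP mail function?
So, is this safe from spam and any other security flaws that I'm not aware of?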
<?php
$email = '[email protected]';
$subject = 'Notify about stuff';
$notify = $_REQUEST['email'];
if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $notify)) {
    echo "<h4>Your email address doesn't validate, please check that you typed it correct.</h4>";
    echo "<a href='javascript:history.back(1);'>Back</a>";
} elseif (mail($email, $subject, $notify)) {
    echo "<h4>Thank you, you will be notified.</h4>";
} else {
    echo "<h4>Sorry, your email didn't get registered.</h4>";
}
?>
Unrelated: is there a PHP function that can be used instead of javascript:history.back(1)?
Edit: using filter instead of the regular expression
<?php
$email = '[email protected]';
$subject = 'Notify about stuff';
$notify = $_REQUEST['email'];
if (!filter_var($notify, FILTER_VALIDATE_EMAIL)) {
    echo "<h4>This email address ($notify) is not considered valid, please check that you typed it correct.</h4>";
    echo "<a href='javascript:history.back(1);'>Back</a>";
} elseif (mail($email, $subject, $notify)) {
    echo "<h4>Thank you, you will be notified.</h4>";
} else {
    echo "<h4>Sorry, your email didn't get registered.</h4>";
}
?>
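+1 for filter. Great! – Cam 2010-05-26 04:53:00
+1 for filter, and don't trust the referrer! Either use a session as mentioned above, or redirect to where the user should have come from. – 2010-05-26 04:59:11
Thanks, I didn't know about filter. I have updated the original post. – Eystein 2010-05-26 07:55:01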
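A hardened take on the two listings in the question, as an added example that is not part of the original post: it contrasts the unanchored regex from the first listing with `filter_var`, rejects non-string input, and HTML-escapes the rejected value before echoing it (the edited listing prints `$notify` raw). The function names and sample inputs are constructed for illustration; nothing is mailed.

```php
<?php
// Added example, not the asker's code. Run from the CLI: php example.php

// Regex copied from the first listing. It has no ^...$ anchors.
const LOOSE_PATTERN = "/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/";

function looseRegexAccepts(string $input): bool
{
    // Succeeds when an address-like substring appears anywhere in the input.
    return preg_match(LOOSE_PATTERN, $input) === 1;
}

function validateNotifyAddress($input): ?string
{
    if (!is_string($input)) {
        return null; // e.g. a request sent as email[]=... arrives as an array
    }
    $valid = filter_var(trim($input), FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

function rejectionMessage(string $input): string
{
    // A rejected value is untrusted by definition, so escape it for HTML.
    $safe = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<h4>This email address ($safe) is not considered valid.</h4>";
}

// Constructed sample inputs.
$samples = [
    'user@example.com',
    'user@example.com<b>extra markup</b>',
    "user@example.com\r\nsecond line",
];

foreach ($samples as $s) {
    printf(
        "%-45s regex=%s filter=%s\n",
        json_encode($s),
        looseRegexAccepts($s) ? 'accept' : 'reject',
        validateNotifyAddress($s) !== null ? 'accept' : 'reject'
    );
}

// The markup in the rejected value is rendered inert.
echo rejectionMessage($samples[1]), "\n";
```

The regex accepts all three samples, while `filter_var` accepts only the first.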