From the course: PHP Tips, Tricks, and Techniques


Prevent email header injection attacks


- [Instructor] Hi, I'm David Powers and welcome to this week's edition of PHP tips, tricks and techniques designed to help you become a smarter, more productive PHP developer. Email header injection is one of the oldest malicious exploits of online forms. Unfortunately, it's also a trap that inexperienced PHP developers frequently fall into. This script, which you can download in the exercise files for this video, is typical of the poorly written code that I've come across time and time again. It begins by assigning values submitted through the post array to simple variables. Then it builds the body of an email message and then uses the mail function to send the message. The problem lies in here. In the fourth argument and the way that it's being used. This argument allows you to set additional headers to be added to the email. Now there are several things that are wrong with this, but the most important is that email, that's unfiltered input that's come from the online form and it's…
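The pattern described in the transcript, next to a hardened form, as an added example that is not the course's exercise file. The field names (`name`, `email`, `comments`), the addresses and both function names are assumptions made for illustration.

```php
<?php
// Added example, not the course's script. Field names and addresses are placeholders.

// Return a header-safe address, or null if the value must not reach mail().
function safe_reply_to(string $raw): ?string
{
    // CR or LF ends the current header line, so whatever follows would be
    // read by the mail system as a separate header. Reject, do not repair.
    if (preg_match('/[\r\n]/', $raw)) {
        return null;
    }
    // FILTER_VALIDATE_EMAIL returns the address on success, false on failure.
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

function send_contact_message(array $post): bool
{
    $replyTo = safe_reply_to($post['email'] ?? '');
    if ($replyTo === null) {
        return false; // refuse the submission
    }
    // Weak pattern from the transcript: form input placed straight into the
    // fourth argument, e.g. mail($to, $subject, $body, "From: $email");
    // Hardened: From is a fixed site address, the validated visitor address
    // appears only as Reply-To, and headers are passed as an array (PHP 7.2+).
    $headers = [
        'From'         => 'webform@example.com',
        'Reply-To'     => $replyTo,
        'Content-Type' => 'text/plain; charset=utf-8',
    ];
    // Free-text fields go in the body only, never in a header.
    $body = 'Name: ' . ($post['name'] ?? '') . "\r\n\r\n" . ($post['comments'] ?? '');
    return mail('owner@example.com', 'Website feedback', $body, $headers);
}

// Constructed sample values: one ordinary address, one carrying an extra header line.
$samples = [
    'visitor@example.com',
    "visitor@example.com\r\nX-Injected: 1",
];
foreach ($samples as $sample) {
    var_dump(safe_reply_to($sample));
}
```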
