Are there best practices for using the mail() function in PHP to ensure secure email handling?

When using the mail() function in PHP, it is important to sanitize user input to prevent email injection attacks. This can be done by validating and filtering user input before passing it to the mail() function. Additionally, it is recommended to set headers properly to prevent header injection attacks and to avoid sending sensitive information in plain text.

// Sanitize user input
$to = filter_var($_POST[&#039;to&#039;], FILTER_SANITIZE_EMAIL);
$subject = filter_var($_POST[&#039;subject&#039;], FILTER_SANITIZE_STRING);
$message = filter_var($_POST[&#039;message&#039;], FILTER_SANITIZE_STRING);

// Set additional headers to prevent header injection
$headers = &quot;From: your_email@example.com\r\n&quot;;
$headers .= &quot;Reply-To: your_email@example.com\r\n&quot;;
$headers .= &quot;X-Mailer: PHP/&quot; . phpversion();

// Send email
$mailSent = mail($to, $subject, $message, $headers);

if($mailSent){
    echo &quot;Email sent successfully&quot;;
} else {
    echo &quot;Failed to send email&quot;;
}

Keywords

mail function secure email handling PHP security best practices

Are there best practices for using the mail() function in PHP to ensure secure email handling?

Keywords

Related Questions