Can mail() header-injection occur when exploiting the $empfaenger field instead of the $from field in PHP?

Mail() header injection can occur when user input is not properly sanitized before being used in the $empfaenger field of the mail() function. To prevent header injection, always sanitize user input using functions like filter_var() with FILTER_VALIDATE_EMAIL or use a regular expression to ensure the input is a valid email address.

$empfaenger = filter_var($_POST[&#039;empfaenger&#039;], FILTER_VALIDATE_EMAIL);

if($empfaenger){
    // Proceed with sending the email
    mail($empfaenger, $subject, $message, $headers);
} else {
    // Handle invalid email address input
    echo &quot;Invalid email address&quot;;
}

Keywords

mail() header-injection $empfaenger $from PHP

Can mail() header-injection occur when exploiting the $empfaenger field instead of the $from field in PHP?

Keywords

Related Questions