How can PHP developers ensure that email headers are not vulnerable to header injection attacks when sending emails?

To prevent header injection attacks when sending emails in PHP, developers should sanitize user input and validate email addresses before using them in email headers. One way to achieve this is by using the `filter_var()` function with the `FILTER_VALIDATE_EMAIL` filter to validate email addresses.

// Sanitize and validate email address
$email = filter_var($_POST[&#039;email&#039;], FILTER_VALIDATE_EMAIL);

if ($email) {
    // Send email with sanitized email address
    $headers = &quot;From: webmaster@example.com\r\n&quot;;
    $headers .= &quot;Reply-To: $email\r\n&quot;;
    
    $subject = &quot;Subject of the email&quot;;
    $message = &quot;Body of the email&quot;;
    
    mail(&quot;recipient@example.com&quot;, $subject, $message, $headers);
} else {
    // Handle invalid email address
    echo &quot;Invalid email address&quot;;
}

Keywords

PHP email headers header injection attacks validation sanitize

How can PHP developers ensure that email headers are not vulnerable to header injection attacks when sending emails?

Keywords

Related Questions