How can PHP developers prevent email header injection vulnerabilities in their code?

Email header injection vulnerabilities can be prevented by sanitizing user input before using it to construct email headers. PHP developers can use the `filter_var()` function with the `FILTER_SANITIZE_EMAIL` filter to validate and sanitize email addresses before including them in email headers. This helps to prevent malicious users from injecting additional headers into the email, which could be used for spamming or phishing attacks.

$email = filter_var($_POST[&#039;email&#039;], FILTER_SANITIZE_EMAIL);
$subject = filter_var($_POST[&#039;subject&#039;], FILTER_SANITIZE_STRING);
$message = filter_var($_POST[&#039;message&#039;], FILTER_SANITIZE_STRING);

// Construct email headers
$headers = &quot;From: webmaster@example.com\r\n&quot;;
$headers .= &quot;Reply-To: $email\r\n&quot;;
$headers .= &quot;X-Mailer: PHP/&quot; . phpversion();

// Send email
mail(&quot;recipient@example.com&quot;, $subject, $message, $headers);

Keywords

email header injection PHP developers code security validation functions htmlspecialchars

How can PHP developers prevent email header injection vulnerabilities in their code?

Keywords

Related Questions