How can you prevent header injection attacks when using the header function in PHP?

Header injection attacks can be prevented by validating and sanitizing user input before using it in the header function. This can be done by checking for any potentially malicious characters such as newlines or carriage returns in the input.

// Validate and sanitize user input before using it in the header function
$user_input = $_POST[&#039;user_input&#039;];

if (preg_match(&#039;/[\r\n]/&#039;, $user_input)) {
    // Input contains potentially malicious characters, handle error
    echo &quot;Invalid input detected&quot;;
} else {
    // Safe to use input in header function
    header(&quot;Location: &quot; . $user_input);
}

Keywords

header function header injection attacks security validation input sanitization

How can you prevent header injection attacks when using the header function in PHP?

Keywords

Related Questions