What are the best practices for validating and sanitizing user input in a PHP contact form to prevent vulnerabilities like E-Mail Header Injection?

To prevent vulnerabilities like E-Mail Header Injection in a PHP contact form, it is essential to validate and sanitize user input before using it to construct email headers. This involves checking for potentially malicious characters or patterns in the input data and sanitizing it to ensure it does not contain any harmful content. By implementing proper validation and sanitization techniques, you can protect your application from attacks that exploit vulnerabilities in email header parsing.

// Validate and sanitize user input for email headers
$name = filter_var($_POST[&#039;name&#039;], FILTER_SANITIZE_STRING);
$email = filter_var($_POST[&#039;email&#039;], FILTER_VALIDATE_EMAIL);
$message = filter_var($_POST[&#039;message&#039;], FILTER_SANITIZE_STRING);

// Construct email headers
$to = &quot;recipient@example.com&quot;;
$subject = &quot;Contact Form Submission&quot;;
$headers = &quot;From: $name &lt;$email&gt;&quot; . &quot;\r\n&quot; .
           &quot;Reply-To: $email&quot; . &quot;\r\n&quot; .
           &quot;X-Mailer: PHP/&quot; . phpversion();

// Send email
mail($to, $subject, $message, $headers);

Keywords

validation sanitization user input PHP E-Mail Header Injection

What are the best practices for validating and sanitizing user input in a PHP contact form to prevent vulnerabilities like E-Mail Header Injection?

Keywords

Related Questions