What are the potential pitfalls of using POST method to send data to an email address in PHP, and how can they be avoided?
Potential pitfalls of using the POST method to send data to an email address in PHP include exposing sensitive information in the URL, lack of validation on user input, and susceptibility to SQL injection attacks. To avoid these pitfalls, it is important to sanitize user input, validate email addresses, and use prepared statements when interacting with a database.
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$email = filter_var($_POST["email"], FILTER_SANITIZE_EMAIL);
// Validate email address
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Send email
$to = $email;
$subject = "Test Email";
$message = "This is a test email.";
$headers = "From: your@example.com";
mail($to, $subject, $message, $headers);
echo "Email sent successfully.";
} else {
echo "Invalid email address.";
}
}
?>