  1. #1

    If using phpMailer - do I need additional security checks?

    I have decided to replace all my mail functionality in my site with phpMailer as I have read that this will protect me from the likes of mail injection.

    I just wanted to confirm what protection this will offer me and what additional security checks I should include in my form handling?

    Thanks

    Paul
    Mediakitchen Limited
    App Development | Website Design & Development | Flash Game Development
    Somerset, UK
    http://www.mediakitchen.co.uk

  2. #2
    Mal Curtis
    You won't need to do any more 'security' checks on the input heading for phpMailer - however you will need to do all your standard validation checks to help out the usability of the form.

    If the inputs are simply headed to the email, phpMailer has you sorted. If you're doing any other code with them - you'll need to make sure you're handling them well yourself.

    phpMailer won't do things like remove unwanted HTML. So if a user wanted to, they could include HTML in their form submissions, and if you weren't stripping it then it may make it through to your HTML email. That's not so much security as validation, however.
    Last edited by Mal Curtis; Sep 10, 2009 at 19:58. Reason: I can't spells good.
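
The validation the reply describes, as an added example that is not part of the thread or of PHPMailer: a form handler that rejects line breaks in header-bound fields, validates the address, and escapes submitted markup before it goes into an HTML body. The function name, field names and sample submissions are assumptions.

```php
<?php
// Added example. Function and field names (name, email, message) are hypothetical.
function prepare_contact_fields(array $post): array
{
    $errors  = [];
    $name    = trim((string) ($post['name'] ?? ''));
    $email   = trim((string) ($post['email'] ?? ''));
    $message = trim((string) ($post['message'] ?? ''));

    // Values bound for headers must be single-line; reject CR/LF here so the
    // submitter gets a form error instead of the value reaching the mailer.
    foreach (['name' => $name, 'email' => $email] as $field => $value) {
        if (preg_match('/[\r\n]/', $value)) {
            $errors[$field] = "Line breaks are not allowed in $field.";
        }
    }
    if (!isset($errors['name']) && ($name === '' || strlen($name) > 100)) {
        $errors['name'] = 'Name is required (100 characters max).';
    }
    if (!isset($errors['email']) && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Enter a valid email address.';
    }
    if ($message === '') {
        $errors['message'] = 'Message is required.';
    }
    if ($errors) {
        return ['ok' => false, 'errors' => $errors];
    }

    // Escape for the HTML part so submitted markup arrives as visible text.
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return [
        'ok'        => true,
        'reply_to'  => $email,   // e.g. for PHPMailer's addReplyTo()
        'html_body' => '<p>From: ' . $esc($name) . '</p><p>' . nl2br($esc($message)) . '</p>',
        'text_body' => "From: $name\n\n$message",  // e.g. for PHPMailer's AltBody
    ];
}

// Constructed sample submissions, not real data.
$samples = [
    'normal'    => ['name' => 'Ann', 'email' => 'ann@example.com', 'message' => 'Hello'],
    'multiline' => ['name' => 'Ann', 'email' => "ann@example.com\r\nBcc: x@example.com", 'message' => 'Hi'],
    'markup'    => ['name' => 'Ann', 'email' => 'ann@example.com', 'message' => '<b>Hi</b>'],
];
foreach ($samples as $label => $post) {
    $r = prepare_contact_fields($post);
    echo $label, ': ', $r['ok'] ? $r['html_body'] : implode(' ', $r['errors']), "\n";
}
```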

