Monday, 5 January 2015

Is this PHP contact form secure?



Can you please tell me whether the following PHP contact form is secure? (It gets used with AJAX.)



<?php
$email_to = "myaddress@email.com";

$email_subject = "My subject";

$name = $_POST["name"];
$email = $_POST["email"];
$message = $_POST["message"];

$error_message = "";

$email_message = "Form details below.\n\n";

function clean_string($string) {
    $bad = array("content-type","bcc:","to:","cc:","href");
    return filter_var(str_replace($bad, "", $string), FILTER_SANITIZE_EMAIL);
}


$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email)."\n";
$email_message .= "Message: ".clean_string($message)."\n";


// create email headers

$headers = "From: myaddress@email.com\r\n".
"Reply-To: myaddress@email.com\r\n".
"X-Mailer: PHP/" . phpversion();

@mail($email_to, $email_subject, $email_message, $headers);

?>
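
A hardened variant of the handler above, as an added example that is not the poster's code: it validates the fields instead of blacklisting substrings, keeps user input out of the mail headers, and reports the result to the AJAX caller. The helper names, the length limits, the 422/500 status codes and the JSON response shape are assumptions.

```php
<?php
declare(strict_types=1);

const EMAIL_TO = 'myaddress@email.com';      // fixed recipient and subject, as on the page
const EMAIL_SUBJECT = 'My subject';

/** Return a POST field as a trimmed string; arrays and missing keys become ''. (hypothetical helper) */
function field(array $post, string $key): string
{
    $value = $post[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

/** Validate the three fields. Returns [clean values, list of invalid field names]. */
function validate_contact(array $post): array
{
    // Name is a single-line field: control characters (CR/LF included) become a space.
    $name    = preg_replace('/[\x00-\x1F\x7F]+/', ' ', field($post, 'name'));
    $email   = filter_var(field($post, 'email'), FILTER_VALIDATE_EMAIL); // false if invalid
    // Message keeps its line breaks (normalised to \n) but loses other control characters.
    $message = str_replace(["\r\n", "\r"], "\n", field($post, 'message'));
    $message = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $message);

    $errors = [];
    if ($name === '' || strlen($name) > 100)        { $errors[] = 'name'; }    // assumed limit
    if ($email === false)                           { $errors[] = 'email'; }
    if ($message === '' || strlen($message) > 5000) { $errors[] = 'message'; } // assumed limit

    return [['name' => $name, 'email' => $email, 'message' => $message], $errors];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    header('Content-Type: application/json');
    [$clean, $errors] = validate_contact($_POST);
    if ($errors !== []) {
        http_response_code(422);
        echo json_encode(['ok' => false, 'invalid' => $errors]);
        exit;
    }
    // User input goes only into the body; the headers below are constants.
    $body = "Form details below.\n\nName: {$clean['name']}\nEmail: {$clean['email']}\n"
          . "Message:\n{$clean['message']}\n";
    $body = str_replace("\n", "\r\n", wordwrap($body, 70, "\n")); // CRLF line endings for mail()
    $headers = "From: myaddress@email.com\r\n"
             . "Reply-To: myaddress@email.com\r\n"
             . "Content-Type: text/plain; charset=UTF-8";
    $sent = mail(EMAIL_TO, EMAIL_SUBJECT, $body, $headers); // no @: a failure is reported
    http_response_code($sent ? 200 : 500);
    echo json_encode(['ok' => $sent]);
}
```

In the posted version, `FILTER_SANITIZE_EMAIL` is applied to the name and message as well, which removes spaces and line breaks from them, and the `str_replace` blacklist is case-sensitive.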



