开发者

PHPMailer safe practices - Send escaped / sanitized variables or not?

开发者 https://www.devze.com 2022-12-24 04:22 Source: Internet

I'm using the PHPMailer-Lite class to build an email sending script and I'm not sure if I should use addslashes() on the $name variable when adding it to the constructor.

If somebody's last name would be O'Riley (or any other name that contains characters which should normally be sanitized before handling) and I would send it unescaped, wouldn't it mess with the script/email sending? Is it safe to send it unescaped? As a side note, I would also like to avoid having my message body say "Hello, O\'Riley".

Looking at the source, I saw that it only trims the whitespace and line ending (\r\n) characters from the received $name variable, so any advice on this would be more than welcome.

Thank you all in advance!


IIRC, PHPMailer handles that automatically.

If you pass it "Seamus O'Malley" it is properly formatted for sending in email.

0
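
As an added illustration (not part of the original question or answer, and not PHPMailer's own code), the plain-PHP sketch below shows why `addslashes()` is the wrong tool here: escaping depends on where the name ends up. In a header the concern is line breaks and RFC 5322 quoting, and in an HTML body it is entity encoding. The function names, sample names and addresses are hypothetical and constructed for the example.

```php
<?php
// Added example: plain PHP only, no PHPMailer calls. Function names are
// hypothetical; sample values are constructed.

// Header context: drop CR/LF so a name can never begin a new header line.
function strip_line_breaks(string $value): string
{
    return trim(str_replace(["\r", "\n"], '', $value));
}

// Build "Display Name <address>" for a From/To header (ASCII names only;
// non-ASCII names additionally need RFC 2047 encoding, not shown here).
function format_mailbox(string $name, string $address): string
{
    $name = strip_line_breaks($name);
    if (filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid address');
    }
    if ($name === '') {
        return $address;
    }
    // Quote the name if it has anything beyond RFC 5322 "atext" and spaces.
    // Inside the quotes only backslash and double quote are escaped; an
    // apostrophe is an ordinary character and is left alone.
    if (preg_match('/[^A-Za-z0-9!#$%&\'*+\/=?^_`{|}~ -]/', $name) === 1) {
        $name = '"' . strtr($name, ['\\' => '\\\\', '"' => '\\"']) . '"';
    }
    return $name . ' <' . $address . '>';
}

// HTML body context: entity-encode. A plain-text body needs no escaping.
function html_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$name = "Seamus O'Malley";                       // constructed
$odd  = "Eve \"E.\" Example\r\nX-Extra: 1";      // constructed, has CRLF

echo format_mailbox($name, 'seamus@example.com'), "\n";
echo format_mailbox($odd, 'eve@example.com'), "\n";
echo addslashes($name), "\n";                    // adds a backslash: wrong tool
echo 'Hello, ' . $name, "\n";                    // plain-text body
echo '<p>Hello, ' . html_text($name) . '</p>', "\n"; // HTML body
```

The second call stays on a single header line because the line break is removed before the name is quoted.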
