PHP Secure Email

PHP Secure Email tutorial will explain you How to validate email in PHP? with example.

Prevention against PHP Email Injection

First you need to know what is  PHP email injection.
PHP Email injection is the a security vulnerability that can occur in Internet applications that are used to send email  messages.

PHP email injection sends unwanted emails to different addresses. The code given in previous chapter has a serious security threat. It has PPH email injection problem.
If you insert data into the mail headers via the input form as given below:

Due to this, the mail will be sent to all the mail address above.

How it can be prevent from PHP email injection

The most efficient way to stop PHP email injection is to validate the email input field.

Use the following function to prevent PHP email injection:
The email field will be sanitized and validated just as it was earlier in the tutorial.

First, check to make sure it is not blank:

Next, sanitize it:

Finally, validate it as a true email address:

The final code looks like this:

In the above code, we use two PHP filters to validate input :
1. FILTER_SANITIZE_EMAIL : removes all illegal e-mail characters from a string.
2. FILTER_VALIDATE_EMAIL : validates value as an e-mail address.

SHARE
Previous articlePHP Send Mail
Next articlePHP Error Handling
I am a young Information Systems Security Engineer(CEH). I had started with penetration testing when i am 17 years old. It all started with Kali linux and Metasploit.In free time i will play with Security holes/Bug bounty/Pentesting and Hacking !!!