Is this a safe PHP mail function?

Posted by Eystein on Stack Overflow
Published on 2010-05-26T03:49:19Z Indexed on 2010/05/26 4:11 UTC

I've finally got this PHP email script working (didn't work on localhost…), but my concern is that it's not safe.

So - is this safe for spamming and any other security pitfalls I'm not aware of?

<?php
$email = '[email protected]';
$subject = 'Notify about stuff';
$notify = $_REQUEST['email'];

if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $notify)) {
    echo "<h4>Your email address doesn't validate, please check that you typed it correct.</h4>";
    echo "<a href='javascript:history.back(1);'>Back</a>";
}

elseif(mail($email, $subject, $notify)) {
    echo "<h4>Thank you, you will be notified.</h4>";
} else {
    echo "<h4>Sorry, your email didn't get registered.</h4>";
}
?>

Unrelated: is there a PHP function I can use instead of javascript:history.back(1) ?

© Stack Overflow or respective owner
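
An added example, not part of the original post or the asker's code: the pattern in the question has no anchors, so it accepts any input that merely contains an address. The sketch below compares it with a whole-string check on constructed inputs and uses that check in the same `mail()` flow. The helper name `clean_notify_address`, the sample inputs and the recipient `owner@example.com` are assumptions.

```php
<?php
declare(strict_types=1);

// Pattern from the question. It has no ^...$ anchors, so it only has to
// match somewhere inside the input, not the whole input.
const ORIGINAL_PATTERN = '/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/';

// Hypothetical helper: returns the address if the whole input is one
// well-formed e-mail address, otherwise null.
function clean_notify_address(string $raw): ?string
{
    $raw = trim($raw);
    // Refuse control characters (CR, LF, NUL, ...) so the value stays safe
    // even if it is later moved from the message body into a header.
    if ($raw === '' || strlen($raw) > 254 || preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    // filter_var() validates the complete string, not a substring.
    $valid = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs comparing the two checks.
    $samples = [
        'user@example.com',
        "user@example.com\r\nX-Extra: 1",
        'free text user@example.com <b>more text</b>',
    ];
    foreach ($samples as $s) {
        printf("%-52s original=%s strict=%s\n", json_encode($s),
            preg_match(ORIGINAL_PATTERN, $s) ? 'pass' : 'fail',
            clean_notify_address($s) !== null ? 'pass' : 'fail');
    }
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Read POST only (not $_REQUEST); the recipient below is a placeholder.
    $raw = $_POST['email'] ?? '';
    $notify = is_string($raw) ? clean_notify_address($raw) : null;
    if ($notify === null) {
        http_response_code(400);
        echo '<h4>Your email address does not validate.</h4>';
    } elseif (mail('owner@example.com', 'Notify about stuff', $notify)) {
        echo '<h4>Thank you, you will be notified.</h4>';
    } else {
        echo '<h4>Sorry, your email did not get registered.</h4>';
    }
}
```

Run from the command line, the script prints the comparison table; served over HTTP, it handles the form submission.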