PHP mail function: is this way of using it safe?

Posted by Camran on Stack Overflow
Published on 2010-06-09T19:10:58Z Indexed on 2010/06/09 19:22 UTC
I have a classifieds website, and inside each classified, there is a small form.

This form is for users to be able to tip their "friends":

    <form action="/bincgi/tip.php" method="post" name="tipForm" id="tipForm">
    Tip: <input name="email2" id="email2" type="text" size="30" />
    <input type="submit" value="Skicka Tips"/>
    <input type="hidden" value="<?php echo $ad_id;?>" name="ad_id2" id="ad_id2" />
    <input type="hidden" value="<?php echo $headline;?>" name="headline2" id="headline2" />
    </form>

The form is then submitted to a tip.php page, and here is my question: is the code below safe, i.e. is it good enough, or do I need to do some sanitization and add more safety details?

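    // Recipient comes from the form; FILTER_SANITIZE_EMAIL only strips illegal characters
    $to = filter_var($_POST['email2'], FILTER_SANITIZE_EMAIL);
    // Hidden form fields, used exactly as submitted
    $ad_id = $_POST['ad_id2'];
    $headline = $_POST['headline2'];

    $subject = 'You got a tip';

    // Double quotes so that \n and \r\n become real line breaks
    $message = 'Hi. You got a tip: ' . $headline . ".\n";

    $headers = "From: [email protected]\r\n";
    mail($to, $subject, $message, $headers);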

I haven't tested the above yet.
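
A hardened version of the tip.php handler asked about above, as an added example that is not part of the original post: it validates the address instead of only sanitizing it, and fetches the headline on the server by ad id rather than trusting the hidden `headline2` field, which the sender controls. `lookup_headline()`, its sample data and the `noreply@example.com` sender are assumptions standing in for the site's own database query and address.

```php
<?php
// Added example, not the asker's code. lookup_headline() and its data are
// hypothetical stand-ins for the site's own database lookup.
function lookup_headline(int $adId): ?string
{
    $ads = [101 => 'Red bicycle, barely used']; // constructed sample data
    return $ads[$adId] ?? null;
}

// Accept only one syntactically valid address with no line breaks in it.
function valid_recipient($raw): ?string
{
    if (!is_string($raw) || preg_match('/[\r\n]/', $raw)) {
        return null;
    }
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Build the mail from server-side data; returns null when input is rejected.
function build_tip(array $post): ?array
{
    $to   = valid_recipient($post['email2'] ?? null);
    $adId = filter_var($post['ad_id2'] ?? null, FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    if ($to === null || $adId === false) {
        return null;
    }
    $headline = lookup_headline($adId); // headline2 from the form is ignored
    if ($headline === null) {
        return null;
    }
    // Strip control characters so stored text cannot add lines of its own.
    $headline = preg_replace('/[\x00-\x1F\x7F]/', '', $headline);
    return [
        'to'      => $to,
        'subject' => 'You got a tip',
        'message' => "Hi. You got a tip: {$headline}.\n",
        'headers' => "From: noreply@example.com\r\n", // placeholder sender
    ];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $tip = build_tip($_POST);
    if ($tip === null) {
        http_response_code(400);
        exit('Invalid request');
    }
    mail($tip['to'], $tip['subject'], $tip['message'], $tip['headers']);
}
```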
