PHPMailer safe practices - Send escaped / sanitized variables or not ?
- by FreekOne
I'm using the PHPMailer-Lite class to build an email sending script and I'm not sure if I should use addslashses() on the $name variable when adding it to the constructor.
If somebody's last name would be O'Riley (or any other name that contains characters which should normally be sanitized before handling) and I would send it unescaped, wouldn't it mess with the script/email sending ? Is it safe to send it unescaped ? As a side note, I would also like to avoid having my message body say "Hello, O\'Riley".
Looking at the source, I saw that it only trims the whitespace and line ending (\r\n) characters from the received $name variable, so any advice on this would be more than welcome.
Thank you all in advance !