在HTML5 + JS + PHP中设计发送到电子邮件的表单时,有哪些好的安全预防措施? [关闭]
问题描述:
I'm creating a form on my website which sends an e-mail to me containing the text that the user inputs, they don't need to sign in or anything.
Some questions:
- Should I store information in global session variables or pass them to another page using POST which will then send a mail?
- Do I perform form validation using PHP, JS or both? If so, what should I look out for?
- There is an option for a user to upload a PHP document. How do I make sure they can't send me viruses etc. in that document?
Thanks in advance!
我正在我的网站上创建一个表单,该表单向我发送一封电子邮件,其中包含用户输入的文本 ,他们不需要登录或其他任何内容。 p>
一些问题: p>
- 我应该将信息存储在全局会话变量中吗? 或者使用POST将它们传递到另一个页面然后发送邮件? li>
- 我是否使用PHP,JS或两者执行表单验证? 如果是这样,我应该注意什么? li>
- 用户可以选择上传PHP文档。 我如何确保他们不能在该文件中向我发送病毒等? li>
ol>
提前致谢! p> div>
答
- You can use session but a simple post should work fine.
- Validation is a step that you should never forget, for example you should always validate if user email address is in proper format or not, validate address or phone number in input form if exist. You should validate message sent, it depends whether you should allow formatting or plain text in that case you might want to strip tags.
- You should validate files based on their extensions and deny all executable files.