Safe e-mail form

notset

Hello,

what function i need to use to make my input safe for sending it via e-mail?

In http://www.nyphp.org/phundamentals/email_header_injection.php i found:

function safe( $name ) {
   return( str_ireplace(array( "\r", "\n", "%0a", "%0d", "Content-Type:", "bcc:","to:","cc:" ), "", $name ) );
}

Is it enough to do mail(safe($POST['email']), safe($POST['subject']), safe($_POST['message'])) ?

Thank's

MarkR

The only things that you strictly need to check for are newline characters (\n and \r), but I typically check for nulls as well - in the subject and all other headers.

In the body of the message it doesn't matter, therefore I strongly recommend that you put no user-supplied data in the subject, for maximum safety.

Mark

notset

So, i don't need to filter a message?

Only email and subject?