At 11:06 AM -0500 9/28/06, Richard Lynch wrote:
Though I confess, I'm sometimes at a loss how to properly escape
certain data for certain situations...
Here's an example:
Take the Subject of an email.
Sure, I've sanitized it to be sure there are no newlines for header
injection.
But now how do I properly escape it to be sure it's a kosher email
subject?
Where's the PHP function smtp_escape()?
I'm just passing it on from one user to another. I don't want to
munge it, nor make any assumptions about its format. It's just "data"
to me.
But to SMTP, there are bound to be all kinds of "rules" about it that
I have no desire, much less time, to research, code, and test in as
thorough a fashion as I should to be Professional.
And every developer who sends an email with PHP needs this, right?
So of the myriad PHP functions available, which one is the right one
to escape an email Subject?
I'm *NOT* asking for an answer to this specific question about email
Subjects!
I'm looking for a guide, a chart, a grid, an organized systemic
documentation of what data should be escaped how as it travels through
the "glue" that is PHP...

Richard:
I realize that you are not asking for an answer, but for a guide --
however -- isn't the real problem here simply one of injection? Just
stop the user from injecting stuff in the subject and that would fix
it right? Or, am I underestimating the problem?
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
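
The two steps the thread distinguishes (blocking header injection, then escaping the Subject for the mail format), as an added example that is not part of either message. encode_subject() is a hypothetical helper: it rejects CR/LF/NUL, then applies RFC 2047 base64 encoded-words to anything that is not plain printable ASCII. It assumes UTF-8 input and that the mbstring extension is loaded.

```php
<?php
// Added example; encode_subject() is a hypothetical helper, not a PHP built-in.
declare(strict_types=1);

function encode_subject(string $raw): string
{
    // Step 1, injection: a header value must never carry CR, LF or NUL.
    // Reject instead of stripping, so the caller sees the bad input.
    if (preg_match('/[\r\n\x00]/', $raw)) {
        throw new InvalidArgumentException('Subject contains CR, LF or NUL');
    }
    // Assumption: callers hand us UTF-8. Refuse anything else.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        throw new InvalidArgumentException('Subject is not valid UTF-8');
    }
    // Step 2, escaping: printable ASCII needs none, unless it contains "=?",
    // which a receiving client could mistake for an encoded-word.
    if (preg_match('/\A[\x20-\x7E]*\z/', $raw) && strpos($raw, '=?') === false) {
        return $raw;
    }
    // RFC 2047: an encoded-word is at most 75 characters. The wrapper
    // "=?UTF-8?B?" + "?=" takes 12, leaving 60 base64 characters = 45 bytes.
    // mb_strcut() cuts by bytes without splitting a multibyte character.
    $words = [];
    for ($off = 0, $len = strlen($raw); $off < $len; $off += strlen($chunk)) {
        $chunk = mb_strcut($raw, $off, 45, 'UTF-8');
        $words[] = '=?UTF-8?B?' . base64_encode($chunk) . '?=';
    }
    // Adjacent encoded-words are separated by folding whitespace (CRLF SPACE).
    return implode("\r\n ", $words);
}

// Constructed sample inputs: plain ASCII, non-ASCII, and an injection attempt.
$samples = [
    'Lunch on Friday?',
    'Réunion à 14h',
    "Hi\r\nBcc: x@example.com",
];
foreach ($samples as $s) {
    try {
        echo encode_subject($s), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```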