php mail header injection prevention
问题 On the php manual page for mail function, there was a user comment saying "take care to prevent header injection". In my application, I use the mail function, and the only user input I use as a parameter to the function is the email address. I do a preliminary check of the email address using the regex ^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$ . Will this also prevent against header injection? Thanks, jrh 回答1: Someone would want to inject something like this: user