PHPMailer safe practices - Send escaped / sanitized variables or not?
I'm using the PHPMailer-Lite class to build an email sending script and I'm not sure if I should use addslashses() on the $name variable when adding it to the constructor.
If somebody's last name would be O'Riley (or any other name that contains characters which should normally be sanitized before handling) and I would send it unescaped, wou开发者_运维知识库ldn't it mess with the script/email sending ? Is it safe to send it unescaped ? As a side note, I would also like to avoid having my message body say "Hello, O\'Riley".
Looking at the source, I saw that it only trims the whitespace and line ending (\r\n) characters from the received $name variable, so any advice on this would be more than welcome.
Thank you all in advance !
IIRC, PHPMailer handles that automatically.
If you pass it "Seamus O'Malley" it is properly formatted for sending in email.
精彩评论