我用它来发送电子邮件:
$_POST['message'] = filter_var($_POST['message'], FILTER_SANITIZE_STRING);
// …
mail($mail_to, $subject, $message, 'MIME-Version: 1.0' ."\r\n" .'Content-type: text/plain; charset=UTF-8' . "\r\n".'From: '.$_POST['email'] . "\r\n" .'Reply-To: '.$_POST['email']. "\r\n" );
它有效,但报价看起来像这样:"
.
报价中有一个选项,filter_var()
但它安全吗?