I'm interning for an NGO in India (Seva Mandir, http://sevamandir.org) and trying to fix their broken "subscribe to newsletter" box. Because the staff isn't very sophisticated and our web host isn't great, I decided to send the relevant data to the publications person via mail() instead of storing it in a MySQL database.
I know that it's best to treat user input as malicious, and I've searched the SO forums for posts relevant to escaping user data for sending in a mail message. I know the data should be escaped; what should I be worried about and what's the best way to sanitize the input before emailing it?
Also note that the org's web host is still using PHP 4, so I can't just use filter_var for strings. I'm working with them to fix the problem, but for now I'd have to use regexes or strip_tags or some other method.
Form flow:
1. User enters email on homepage and clicks Submit
2. User enters name, address, more information on second page (bad usability, I know, but my boss asked me to) and clicks "Submit"
3. Collect the data via $_POST and email it to the publications editor (and possibly send a confirmation to the subscriber).
I am going to sanitize the email in step 2 and the other data in step 3. I appreciate your help,
Kevin
You need to be aware of Email Header Injection attacks.
Basically if you strip \n and \r from the from the $name, $from, $to and $subject you should be fairly safe, but it's always best to take a white list approach.