¿Puede decirme si el siguiente formulario de contacto de PHP es seguro? (Se acostumbra con AJAX.)
<?php
$email_to = "[email protected]";
$email_subject = "My subject";
$name = $_POST["name"];
$email = $_POST["email"];
$message = $_POST["message"];
$error_message = "";
$email_message = "Form details below.\n\n";
function clean_string($string) {
$bad = array("content-type","bcc:","to:","cc:","href");
return filter_var(str_replace($bad, "", $string), FILTER_SANITIZE_EMAIL);
}
$email_message .= "Name: ".clean_string($name)."\n";
$email_message .= "Email: ".clean_string($email)."\n";
$email_message .= "Message: ".clean_string($message)."\n";
// create email headers
$headers = "From: [email protected]\r\n".
"Reply-To: [email protected]\r\n".
"X-Mailer: PHP/" . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);
?>