Sending E Mails Using Php

Previous Page
Next Page

PHP Sending E-mails :

PHP allows you to send e-mails directly from a script.

PHP mail() Function :

The PHP mail() function is used to send emails from inside a script.

Syntax
//Syntax :</br>
mail(to,subject,message,headers,parameters)
Parameter Description
to Required. Specifies the receiver / receivers of the email
subject Required. Specifies the subject of the email. Note: This parameter cannot contain any newline characters
message Required. Defines the message to be sent. Each line should be separated with a LF (\n). Lines should not exceed 70 characters
headers Optional. Specifies additional headers, like From, Cc, and Bcc. The additional headers should be separated with a CRLF (\r\n)
parameters Optional. Specifies an additional parameter to the sendmail program
Notepad

Note : For the mail functions to be available, PHP requires an installed and working email system.

The program to be used is defined by the configuration settings in the php.ini file.

PHP Simple E-Mail :

The simplest way to send an email with PHP is to send a text email. In the example below we first declare the variables ($to, $subject, $message, $from, $headers), then we use the variables in the mail() function to send an e-mail:

CODE/PROGRAM/EXAMPLE
<?php
$to = "someone@example.com";
$subject = "Test mail";
$message = "Hello! This is a simple email message.";
$from = "someonelse@example.com";
$headers = "From: $from";
mail($to,$subject,$message,$headers);
echo "Mail Sent.";
?>

PHP Mail Form :

With PHP, you can create a feedback-form on your website. The example below sends a text message to a specified e-mail address:

CODE/PROGRAM/EXAMPLE
<html>
<body>
<?php
if (isset($_REQUEST["email"]))
//if "email" is filled out, send email
{
//send email
$email = $_REQUEST["email"] ;
$subject = $_REQUEST["subject"] ;
$message = $_REQUEST["message"] ;
mail( "someone@example.com", "Subject: $subject",
$message, "From: $email" );
echo "Thank you for using our mail form";
}
else
//if "email" is not filled out, display the form
{
echo "<form method="post" action="mailform.php">
Email: <input name="email" type="text" /><br />
Subject: <input name="subject" type="text" /><br />
Message:<br />
<textarea name="message" rows="15" cols="40">
</textarea><br />
<input type="submit" />
</form>";
}
?>
</body>
</html>

This is how the example above works:

  • First, check if the email input field is filled out
  • If it is not set (like when the page is first visited); output the HTML form
  • If it is set (after the form is filled out); send the email from the form
  • When submit is pressed after the form is filled out, the page reloads, sees that the email input is set, and sends the email

PHP Secure E-mails :

There is a weakness in the PHP e-mail script in the above point.

PHP E-mail Injections :

First, look at the PHP code from the previous chapter:

CODE/PROGRAM/EXAMPLE
<html>
<body>
<?php
if (isset($_REQUEST["email"]))
//if "email" is filled out, send email
{
//send email
$email = $_REQUEST["email"] ;
$subject = $_REQUEST["subject"] ;
$message = $_REQUEST["message"] ;
mail("someone@example.com", "Subject: $subject",
$message, "From: $email" );
echo "Thank you for using our mail form";
}
else
//if "email" is not filled out, display the form
{
echo "<form method="post" action="mailform.php">
Email: <input name="email" type="text" /><br />
Subject: <input name="subject" type="text" /><br />
Message:<br />
<textarea name="message" rows="15" cols="40">
</textarea><br />
<input type="submit" />
</form>";
}
?>
</body>
</html>

The problem with the code above is that unauthorized users can insert data into the mail headers via the input form.

What happens if the user adds the following text to the email input field in the form?

CODE/PROGRAM/EXAMPLE
someone@example.com%0ACc:person2@example.com
%0ABcc:person3@example.com,person3@example.com,
anotherperson4@example.com,person5@example.com
%0ABTo:person6@example.com

The mail() function puts the text above into the mail headers as usual, and now the header has an extra Cc:, Bcc:, and To: field. When the user clicks the submit button, the e-mail will be sent to all of the addresses above!

PHP Stopping E-mail Injections :

The best way to stop e-mail injections is to validate the input.

The code below is the same as in the previous chapter, but now we have added an input validator that checks the email field in the form:

CODE/PROGRAM/EXAMPLE
<html>
<body>
<?php
function spamcheck($field)
{
//eregi() performs a case insensitive regular expression match
if(eregi("to:",$field) || eregi("cc:",$field))
{
return TRUE;
}
else
{
return FALSE;
}
}
//if "email" is filled out, send email
if (isset($_REQUEST["email"]))
{
//check if the email address is invalid
$mailcheck = spamcheck($_REQUEST["email"]);
if ($mailcheck==TRUE)
{
echo "Invalid input";
}
else
{
//send email
$email = $_REQUEST["email"] ;
$subject = $_REQUEST["subject"] ;
$message = $_REQUEST["message"] ;
mail("someone@example.com", "Subject: $subject",
$message, "From: $email" );
echo "Thank you for using our mail form";
}
}
else
//if "email" is not filled out, display the form
{
echo "<form method="post" action="mailform.php">
Email: <input name="email" type="text" /><br />
Subject: <input name="subject" type="text" /><br />
Message:<br />
<textarea name="message" rows="15" cols="40">
</textarea><br />
<input type="submit" />
</form>";
}
?>
</body>
</html>
#sending_emails_using_php #php_email #PHP_Sending_E-mails #PHP_mail()_Function #PHP_Simple_E-Mail #PHP_Secure_E-mails #PHP_E-mail_Injections #PHP_Stopping_E-mail_Injections #PHP_email_Error_Handling

(New page will open, for Comment)

Not yet commented...
how to recover deleted files

All Rights Reserved. © 2024 BookOfNetwork