Page 1 of 1

Sending Mail from php

Posted: Mon Feb 23, 2009 6:47 am
by shraddha
hi all,

I have a contact us page in my website.. I have to send a email from this page using php..

i m very much new to php.. having not much knowledge in this..

so pls can any1 help me out...urgent..

pls

Thanx in advance

Re: Sending Mail from php

Posted: Tue Feb 24, 2009 7:00 am
by jaoudestudios

Re: Sending Mail from php

Posted: Tue Feb 24, 2009 7:11 am
by shraddha
Thanks a lot...

bt i got the following script from somewhere.... n its working fine...


mail.php

<html>
<head><title>PHP Mail Sender</title></head>
<body>
<?php
$email = 'me@dat.com';
$subject = $HTTP_POST_VARS['subject'];
$message = $HTTP_POST_VARS['message'];

if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email)) {
echo "<h4>Invalid email address</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
} elseif ($subject == "") {
echo "<h4>No subject</h4>";
echo "<a href='javascript:history.back(1);'>Back</a>";
}

elseif (mail($email,$subject,$message)) {
echo "<h4>Thank you for sending email</h4>";
} else {
echo "<h4>Can't send email to $email</h4>";
}
?>
</body>
</html>

mail.html

<html>
<head><title>Mail sender</title></head>
<body>
<form action="mail.php" method="POST">
<b>Email</b><br>
<input type="text" name="email" size=40>
<p><b>Subject</b><br>
<input type="text" name="subject" size=40>
<p><b>Message</b><br>
<textarea cols=40 rows=10 name="message"></textarea>
<p><input type="submit" value=" Send ">
</form>
</body>
</html>

so should i continue using the above script ????

Re: Sending Mail from php

Posted: Tue Feb 24, 2009 7:34 am
by mattpointblank
No - it's vulnerable to SQL injection.

Re: Sending Mail from php

Posted: Wed Feb 25, 2009 1:21 pm
by shraddha
vulnerable to SQL injection. ????? :?

Re: Sending Mail from php

Posted: Wed Feb 25, 2009 1:22 pm
by keevitaja
use PhpMailer!

Re: Sending Mail from php

Posted: Wed Feb 25, 2009 1:27 pm
by shraddha
ok..

Bt i m confused...wht's d problem in the above code...??!!!!!!

its working fine...

n my website is a simple static website in html....jus having a ContactUs page... from which i have to send a simple mail... so i need a php script....

Re: Sending Mail from php

Posted: Thu Feb 26, 2009 2:13 am
by jaoudestudios
mattpointblank wrote:No - it's vulnerable to SQL injection.
Thats rubbish! Yes it is vulnerable but not to SQL injection! It is vulnerable to header injection. What would happen is other people could use your mailserver without you knowing. They could send many thousands of emails to and from who ever they wanted and you would be none the wiser until you looked at your mail queue or your IP got blacklisted etc.

I still recommend using the class in the link I submitted. It will take care of any injection. Another good one is htmlMimeMail5, it can also do attachements, which might be overkill for what you need but would allow for future development.