Hi all,
I have a contact us page on my website. I have to send an email from this page using PHP.
I am very new to PHP and do not have much knowledge of it.
So please can anyone help me out... urgent.
Please.
Thanks in advance
Sending Mail from php
- jaoudestudios
- DevNet Resident
- Posts: 1483
- Joined: Wed Jun 18, 2008 8:32 am
- Location: Surrey
Re: Sending Mail from php
Thanks a lot...
But I got the following script from somewhere... and it's working fine...
mail.php
<html>
<head><title>PHP Mail Sender</title></head>
<body>
<?php
// Recipient is hard-coded; subject and message are taken from the POSTed form as-is.
$email = 'me@dat.com';
$subject = $_POST['subject'] ?? '';
$message = $_POST['message'] ?? '';
// The pattern is checked against the hard-coded recipient, not the form's "email" field.
if (!preg_match("/\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*/", $email)) {
    echo "<h4>Invalid email address</h4>";
    echo "<a href='javascript:history.back(1);'>Back</a>";
} elseif ($subject == "") {
    echo "<h4>No subject</h4>";
    echo "<a href='javascript:history.back(1);'>Back</a>";
} elseif (mail($email, $subject, $message)) {
    echo "<h4>Thank you for sending email</h4>";
} else {
    echo "<h4>Can't send email to $email</h4>";
}
?>
</body>
</html>
mail.html
<html>
<head><title>Mail sender</title></head>
<body>
<form action="mail.php" method="POST">
    <b>Email</b><br>
    <input type="text" name="email" size=40>
    <p><b>Subject</b><br>
    <input type="text" name="subject" size=40>
    <p><b>Message</b><br>
    <textarea cols=40 rows=10 name="message"></textarea>
    <p><input type="submit" value=" Send ">
</form>
</body>
</html>
So should I continue using the above script?
- mattpointblank
- Forum Contributor
- Posts: 304
- Joined: Tue Dec 23, 2008 6:29 am
Re: Sending Mail from php
No - it's vulnerable to SQL injection.
Re: Sending Mail from php
Vulnerable to SQL injection?
Re: Sending Mail from php
Use PHPMailer!
Re: Sending Mail from php
OK.
But I'm confused... what's the problem in the above code?
It's working fine...
And my website is a simple static website in HTML, just having a ContactUs page from which I have to send a simple mail, so I need a PHP script.
- jaoudestudios
- DevNet Resident
- Posts: 1483
- Joined: Wed Jun 18, 2008 8:32 am
- Location: Surrey
Re: Sending Mail from php
mattpointblank wrote: "No - it's vulnerable to SQL injection."
That's rubbish! Yes, it is vulnerable, but not to SQL injection! It is vulnerable to header injection. What would happen is other people could use your mailserver without you knowing. They could send many thousands of emails to and from whoever they wanted and you would be none the wiser until you looked at your mail queue or your IP got blacklisted etc.
I still recommend using the class in the link I submitted. It will take care of any injection. Another good one is htmlMimeMail5; it can also do attachments, which might be overkill for what you need but would allow for future development.
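The header-injection risk described in the post above, as an added example that is not part of the thread and not any poster's code: a handler for the same form (fields email, subject and message, recipient me@dat.com) that rejects CR/LF in anything placed in a mail header. The names header_safe() and build_contact_mail() are hypothetical, and passing headers to mail() as an array assumes PHP 7.2 or later.

```php
<?php
// Added example, not from the thread. Field names and recipient follow the
// form above; header_safe() and build_contact_mail() are hypothetical names.
const RECIPIENT = 'me@dat.com'; // fixed, never taken from the request

/** Returns the trimmed value, or null if it is unusable as a header value. */
function header_safe($value, int $maxLen = 200): ?string
{
    if (!is_string($value)) {
        return null; // e.g. subject[]=... arrives as an array
    }
    $value = trim($value);
    // CR, LF or NUL inside the value would let it start a new header line.
    if ($value === '' || strlen($value) > $maxLen || preg_match('/[\r\n\0]/', $value)) {
        return null;
    }
    return $value;
}

/** Builds the argument list for mail(), or null if any field is rejected. */
function build_contact_mail(array $post): ?array
{
    $from    = header_safe($post['email'] ?? null);
    $subject = header_safe($post['subject'] ?? null);
    $message = is_string($post['message'] ?? null) ? trim($post['message']) : '';
    if ($from === null || $subject === null || $message === '') {
        return null;
    }
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // The visitor's address is used only as Reply-To, and only once validated.
    $headers = ['Reply-To' => $from, 'Content-Type' => 'text/plain; charset=UTF-8'];
    return [RECIPIENT, $subject, $message, $headers];
}

// Constructed sample submissions; the second has a CRLF and an extra header
// line smuggled into the subject field.
$samples = [
    ['email' => 'visitor@example.com', 'subject' => 'Question', 'message' => 'Hello'],
    ['email' => 'visitor@example.com', 'subject' => "Hi\r\nBcc: list@example.net", 'message' => 'x'],
];
foreach ($samples as $post) {
    $args = build_contact_mail($post);
    echo $args === null ? "rejected\n" : "accepted: {$args[1]}\n";
    // In the live handler: if ($args !== null) { mail(...$args); }
}
```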