Tutorials PHP Sending data to your Email

Sending data to your Email

Today I will show you how to send emails with PHP.

Do I have mail?

First of all, you need to find out if your server allows you to send mail. This is between you and your server. Most paid servers have mail and most free servers do not. If you do not have this function, this tutorial is useless to you. So check if you're allowed to send mail first.

if (function_exists('mail')) {    echo 'Mail is available';} else {    echo 'Mail is not available';}

The mail function

If you have the mail function, then you can send email. To send an email, you need a target destination, the subject line, the actual message, and header information.

// mail ("destination","subject","message","header");mail("mail@gmail.com","Greetings","Just wanted to say hi","from:admin@site.com");

What is the header?

The header is where you tell PHP the from address, CC, BCC and date.

Is it secure?

If you plan on allowing users to fill out your header information, you could be opening your mail function to SMTP injections.

What is SMTP injection?

SMTP injection is when hackers hijack your mail script to send mail other people. They add data to your header to CC and BCC more people.

How do I stop SMTP injections?

There are a 2 common methods for SMTP prevention. The most simple method is to remove user's ability to modify the header; hard code all your from, CC and BCC header information and put all user submitted data into the actual message.

Another method is to validate the data. If the field is asking for user's email, make sure it is in the correct format with no weird characters. If nothing else, filter out "\n" and "\r" as that's how hackers manipulate headers. More on form validation in this tutorial.

That's all for today. There won't be any more tutorials for the next few weeks. I'm going on vacation and won't be back until June. See you all then!

Posted by on . Category: PHP


No comments posted yet

You need to register or login to post new comments.