Learn PHP
PHP techniques
PHP Smarty Functions
PHP Web Email
Secure development
PHP Security Scenario
PHP Smarty
PHP Smarty Modifiers
PHP Smarty Caching
PHP Smarty Misc
Zend Framework
PHP basics

PHP Web Email

Debugging PHP Mail Problems

If you are having problems getting PHP to send emails, start by confirming the presence of a working mail program on your server. You'll need to identify and then test the mail server. The second step is to attempt to send emails to different addresses, as the problem may be on the receiving end (e.g., a spam filter could intercept the message). In particular, you might have problems getting past the spam filters used by the largest email corporations, like AOL and Hotmail. You can improve the odds of an email getting through by making sure that it is not spam and that it follows all of the email specifications. Using the proper headers, at the very least, a valid FROM address, is always a good idea. Because PHP only calls an external mail program, there is no way to confirm that a mail was sent (short of knowing it was received). For that matter, there is no easy way to test with PHP if an email was successfully sent to or received by a valid email address.

Sending HTML Email or Email with Attachments

The mail() function can easily send plain-text messages but it can also send HTML email or email containing attachments with a little more effort. The most fool-proof way of doing so is to use third-party code, like the PEAR Mail and Mail_Mime classes.

Security Concerns

Validating an email address is one of the best uses of regular expressions, as an email address must abide by exact specifications. Any email address used in a message should be checked in this way. Because of the way that the mail() function builds the message out of the TO, SUBJECT, MESSAGE, and ADDITIONAL HEADERS values, the function can be manipulated to send spam. If using the mail() function with data coming from external sources, like an HTML form, the data should be filtered for safety. The following function will address any potentially-dangerous characters and strings in a given value:
function clear_user_input($value) {    // Check for bad values:   

 if (stristr($value, 'content-type')) return '';   

 if (stristr($value, 'bcc:')) return '';   

 if (stristr($value, 'to:')) return '';   

 if (stristr($value, 'cc:')) return '';   

 if (stristr($value, 'href')) return '';   

// Strip quotes, if Magic Quotes are on:   

 if (get_magic_quotes_gpc()) $value = stripslashes($value);   

// Replace any newline characters with spaces:   

 $value = str_replace(array( "r", "n", "%0a", "%0d"), ' ', $value);   

// Return the value:   

 return trim($value);   

The function could also be modified to strip any HTML tags from the value. As an example usage, to sanctify all posted from data, use this line after defining the function:
$_SAFE = array_map('clear_user_input', $_POST);
Data in $_SAFE is now safe to use in the mail() function.

Article continues:  <<previous page

 Download NuSphere PHP IDE

Download a free trial of the fast PHP EDitor and robust Integrated Development Environment for PHP.

 Buy NuSphere PhpED® now

Best PHP Editor and complete PHP IDE.
NuSphere PhpED 19.0 is available from our online store front.

 Special Team4 Offer

Get 4 copies of PhpED for the price of 3!

Optimum solution for development teams.
PhpED 19.0 Team4
Need more than 4 licenses? Contact Us for more quantity discounts, please use "Ordering/Payment issue" subject on the form.
"To be honest its bloody awesome, I have looked at loads of PHP editors and this is THE only one that actual works straight out of the box!!! Brilliant, well done."
Andrew Breward,
Director of Technology