www.webdeveloper.com
Results 1 to 3 of 3

Thread: Issue with PHP mail

  1. #1
    Join Date
    Jan 2011
    Posts
    42

    Issue with PHP mail

    I am having a issue with the mail function. Below is the Code that i am using
    PHP Code:
    while($row mysql_fetch_array($getinfo))
    {
            
    $subject ''.$_GET['Subject']."\n";
            
    //// build message
            
    $message 'To ALL,'."\n";
            
    $message .= ''.$_GET['Comments']."\n\n\n\n";

            
            
    $to $row['Email'];
    //        echo $subject, "---", $message ,"---" ,$to;
    //        echo "-----";
            // additional headers
            
    $headers "From: email@yahoo.com\r\n";
            echo 
    $subject"---"$message ,"---" ,$to ,"--------------",$headers;


            
    // send email
                    
    mail($to$subject,$message);
            
    mail($to"Hello"$message,$headers);

            echo 
    "Email is being sent---";
    }

    echo 
    "------------------Email has been sent out----------------------"
    The issue that i have is that when i put the $subject in the Mail it gives me the following error
    Warning: mail() [function.mail]: Bad parameters to mail() function, mail not sent. in /home/content/83/11273183/html/Admin/EmailOut/emailout.php on line 65

    When i do the echo this is what i get
    help@yahoo.com ---This is test 8 ---To ALL, THis is a test8 --------------From: email@yahoo.com

    Any idea why it dont work with $subject

  2. #2
    Join Date
    Jan 2011
    Posts
    42
    I figured it out. the $subject should be

    $subject = $_GET['Subject'];

  3. #3
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,158
    In order to avoid email header injections, you might want to at least do something like:
    PHP Code:
    $subject preg_replace('/[\r\n]+/'' '$_GET['Subject']); 
    (You might also want to do the same thing for $to if you have not similarly sanitized the email address before storing it in the DB -- and not whatever sanitizing you do to prevent SQL injection, which is a separate issue.)
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles