Menu
Community /Pin to ProfileBookmark
@NogDogAug 07.2013 — #In order to avoid email header injections, you might want to at least do something like:
(You might also want to do the same thing for $to if you have not similarly sanitized the email address before storing it in the DB -- and not whatever sanitizing you do to prevent SQL injection, which is a separate issue.)
Issue with PHP mail
I am having a issue with the mail function. Below is the Code that i am using
[code=php]
while($row = mysql_fetch_array($getinfo))
{
$subject = ”.$_GET[‘Subject’].”n”;
//// build message
$message = ‘To ALL,’.”n”;
$message .= ”.$_GET[‘Comments’].”nnnn”;
$to = $row[‘Email’];
// echo $subject, “—“, $message ,”—” ,$to;
// echo “—–“;
// additional headers
$headers = “From: [email protected]”;
echo $subject, “—“, $message ,”—” ,$to ,”————–“,$headers;
// send email
mail($to, $subject,$message);
mail($to, “Hello”, $message,$headers);
echo “Email is being sent—“;
}
echo “——————Email has been sent out———————-“;
The issue that i have is that when i put the $subject in the Mail it gives me the following error
Warning: mail() [function.mail]: Bad parameters to mail() function, mail not sent. in /home/content/83/11273183/html/Admin/EmailOut/emailout.php on line 65
When i do the echo this is what i get
[email][email protected][email][email protected]
Any idea why it dont work with $subject
Sign in
to post a comment2 Comments(s) ↴
0
@NogDogAug 07.2013 — #In order to avoid email header injections, you might want to at least do something like:[code=php]$subject = preg_replace('/[rn]+/', ' ', $_GET['Subject']);[/code](You might also want to do the same thing for $to if you have not similarly sanitized the email address before storing it in the DB -- and not whatever sanitizing you do to prevent SQL injection, which is a separate issue.)