Home/ Questions/Q 8768601
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T17:06:37+00:00

I am having some problems with a script, basically what I want the script

  • 0

I am having some problems with a script, basically what I want the script to do is get the form data and post to the database (its doing this fine) then I want it to send a thank you email, this is the bit that isn’t working, its just not coming through. Also from what I can tell, the script will send the email even if it fails to execute the script, how do I get around this.

I am fairly new to PHP and just discovering what it can do so I really appreciate your help.

<?php 

error_reporting(E_ALL & ~E_NOTICE);
ini_set('display_errors', TRUE);
ini_set('display_startup_errors', TRUE);

$name = $_POST['name'];
$email = $_POST['email'];


require_once('Connections/connection.php');
mysql_select_db($database_connection);

$query = "INSERT INTO mailing_list ( name, email)
        VALUES ( '$name', '$email');";
mysql_query($query);

mysql_close();

if(IsInjected($visitor_email))
{
    echo "Bad email value!";
    exit;
}

 $email_from = 'mailinglist@myemail.com';
    $email_subject = "Welcome to our mailinglist";
    $email_body = "
$name,

Welcome to our mailing list, we will now keep you updated on whats going on here.

To unsubscribe go to.".


  $to = "$email";
  $headers = "From: $email_from \r\n";
  $headers .= "Reply-To: $email \r\n";
  mail($to,$email_subject,$email_body,$headers);
//done. redirect to thank-you page.
header('Location: thank-you.php');


// Function to validate against any email injection attempts
function IsInjected($str)
{
  $injections = array('(\n+)',
              '(\r+)',
              '(\t+)',
              '(%0A+)',
              '(%0D+)',
              '(%08+)',
              '(%09+)'
              );
  $inject = join('|', $injections);
  $inject = "/$inject/i";
  if(preg_match($inject,$str))
    {
    return true;
  }
  else
    {
    return false;
  }
}


 ?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Here’s your code reworked using PDO. I also removed the reply-to value, since I don’t know that you can use the users email as the reply-to, email clients may block it.

    <?php 

error_reporting(E_ALL & ~E_NOTICE);
ini_set('display_errors', TRUE);
ini_set('display_startup_errors', TRUE);

$name = $_POST['name'];
$email = $_POST['email'];

//I recommend rewriting this to NOT use mysql_* functions and instead use PDO
//The documentation is located at http://www.php.net/manual/en/book.pdo.php
/*
require_once('Connections/connection.php');
mysql_select_db($database_connection);
*/
$host = 'host_name';
$dbname = 'database_name';
$user = 'user_name';
$pass = 'user_pass';
try
{
    $DB = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass); 
}
catch(PDOException $e)
{  
    echo $e->getMessage();  
}

$query = "INSERT INTO mailing_list ( name, email) VALUES ( '?', '?');";

$sth = $DB->prepare($query);

//This way only a success will send an email
if($sth->execute(array($name, $email)))
{
    if(IsInjected($email))
    {
        echo "Bad email value!";
        exit;
    }

    $email_from = 'mailinglist@myemail.com';
    $email_subject = "Welcome to our mailinglist";
    $email_body = "
    $name,

    Welcome to our mailing list, we will now keep you updated on whats going on here.

    To unsubscribe go to.".


    $to = $email;
    $headers = "From: $email_from \r\n";
    //I don't know that you can use the to email as the reply-to,
    //most emails will probably block that.
    mail($to,$email_subject,$email_body,$headers);
    //done. redirect to thank-you page.
    header('Location: thank-you.php');
}else{
    echo "Failed to insert into database.";
    exit;
}



// Function to validate against any email injection attempts
// Stole this from w3schools, because it is well done. link is at the bottom
    function spamcheck($field)
    {
        //filter_var() sanitizes the e-mail
        //address using FILTER_SANITIZE_EMAIL
        $field=filter_var($field, FILTER_SANITIZE_EMAIL);

        //filter_var() validates the e-mail
        //address using FILTER_VALIDATE_EMAIL
        if(filter_var($field, FILTER_VALIDATE_EMAIL))
        {
            return TRUE;
        }
        else
        {
            return FALSE;
        }
    }

 ?>

    Got the email cleaning function from W3Schools:

    http://www.w3schools.com/php/php_secure_mail.asp

    • 0