1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 3:26 pm Apr 28, 2026

Forum Moderators: coopster

Message Too Old, No Replies

Sending a personalized mail from a form

         

Adam_Gold

8:23 pm on Apr 27, 2010 (gmt 0)

10+ Year Member



Hey there webmasters

need a little help with something.

I have a reffer form where my readers can enter their name and an email adress of a friend and then I send him an invitation on their behalf.

I want to personalize the email Im sending. I need help with the subject and the body of the mail. This is the code format I'm using:

<?php

$subject ="" ;
$body = "";

?>

So let's say my reader's name is John Doe, and he fills out his friends email.

I want the subject to say:
John Doe has sent you an invitation.

and the body to say:

Hy there!

Your friend, John Doe, has read my guide and thought you'd find it usefull.

Get your copy here:

=> (My Url)

Don't forget to thank him for it!

Enjoy your free guide,
- Adam
-----------------------------
so how do I do it?

I know how to send a regular mail by putting a string,
and I know how to use the variables from the form by the
$_POST["friend1"] command.

I just don't know how to put them together.

Yeah I know, this is probably a dumb question,
but I'm new to PHP so go easy on me please :)

Thanks in advance!

CyBerAliEn

8:33 pm on Apr 27, 2010 (gmt 0)

10+ Year Member



Your key, PHP's mail function. Reference:
[us2.php.net ]


Syntax:
bool mail ( string $to , string $subject , string $message [, string $additional_headers [, string $additional_parameters ]] )


You basically create 3 variables:
1) to
2) subject
3) message

You can add more (such as headers) to do more advanced stuff.

to = 'john@example.com'
subject = 'Come to My Site'
message = 'The text of your email message here'


To make the email custom, you can grab the "email" and such values from your user's form.


Be aware... you should put precautions in place. IE: A user cannot recommend more than 1 person every 5 seconds; etc. And you need to add code to block intercept/injection.

You don't want a user abusing your system to recommend 1000's of people in a matter of seconds. It is a drain on your server that could cause you a problem with your host (not to mention being labeled "SPAM").

Secondly... someone crafty can write their "friends name" in such a way that they hijack your email/form and can then send their own custom SPAM. A quick/simple way to address this: 

<?php
# Anti-header-injection - Use before mail()
# By Victor Benincasa <vbenincasa(AT)gmail.com>

foreach($_REQUEST as $fields => $value) if(eregi("TO:", $value) || eregi("CC:", $value) || eregi("CCO:", $value) || eregi("Content-Type", $value)) exit("ERROR: Code injection attempt denied! Please don't use the following sequences in your message: 'TO:', 'CC:', 'CCO:' or 'Content-Type'.");
?>

Code from comments section of PHP mail function page. Original reference to author/coder left intact.

Matthew1980

8:48 pm on Apr 27, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi there Adam_Gold,

Not a dumb question at all, we are all learners at this, just some people progress at different rates. I digress.

Right email formatting:) :-

<?php
$mailHeaders = "MIME-version: 1.0\r\n";
$mailHeaders .= "content-type: text/plain; charset=UTF-8\r\n";
$mailHeaders .= "From: <you@yoursite.co.uk>\r\n";

$mailTo = "joedoe@mysite.com\n\r";//or attach strip_tags($_POST['friend']) instead
$subject ="John Doe has sent you an invitation. \n\r" ;
$mailbody = "Hi there! \n\r";
$mailbody .= "Your friend, John Doe, has read my guide and thought you would find it useful. \n\r";
$mailbody .= "Get your copy here: www.yoursite.com\n\r";

mail($mailTo, $subject, $mailbody, $mailHeaders);
?>

That should get you started, I have specified plain text, but you can do html, a little more tweaking needed, but once you get the hang, you will be fine :)

Cheers,
MRb

Readie

8:58 pm on Apr 27, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Another option for preventing the mail-server hi-jacking:

Use a regular expression to validate it as an E-mail address. 
if(preg_match('/^([^@]+)@[a-z0-9][a-z0-9\-]{1,62}(\.[a-z]{2,4}|\.[a-z]{2,3}\.[a-z]{2})$/i', $_POST['email'], $out)) {
  if(filter_var($out[1], FILTER_VALIDATE_EMAIL, array('flags' => FILTER_NULL_ON_FAILURE))) { 
    // Send E-mail
  } else {
    // Error
  }
} else {
  // Error
}

Adam_Gold

9:05 pm on Apr 27, 2010 (gmt 0)

10+ Year Member



You guys thanks for the help!

Do you think I should be worried about
someone trying to spam from my form?

I mean this is not an internet marketing website.
It's about sports :)

what do you say?

Readie

9:07 pm on Apr 27, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If a spammer can use your server to send spam (i.e. an IP address that is not currently flagged by the various E-mail providers as a spam producing IP) - then they will.

Cover your butt, it's hard to replace :)

Adam_Gold

9:33 pm on Apr 27, 2010 (gmt 0)

10+ Year Member



Ok then,
you convinced me :0

So tell me please,

What code exactly should I put and where?

Thanks again,
you guys rock,

- Adam

eelixduppy

9:44 pm on Apr 27, 2010 (gmt 0)



This is getting to be an old one, but the methods still apply here: [webmasterworld.com...]

CAPTCHA, or some derivative of it, is pretty standard for preventing these sort of exploits.

Readie

9:44 pm on Apr 27, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hmm, I'm not sure what would be the best code here to use. They all have their merits.

Could make a bit of a combination of them to get extra security, but that'll increase the CPU cost. Guess it comes down to personal choice.

I also suggest doing a JavaScript regular expression test on the E-mail address supplied, just to try and take some of the hit away from the server. Won't stop spammers, but hey, it'll make a difference if you get a large number of people using your form.

Adam_Gold

9:52 pm on Apr 27, 2010 (gmt 0)

10+ Year Member



CPU cost ?
Explain it to the new guy please :)

And about the validation part,
It's kinda tricky because the form contains 3 addresses to input.

What happens if a reader fills out only one ortwo?

Is there a way to validate an email address only if that field has been feeled?

Readie

10:05 pm on Apr 27, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



By CPU cost I mean how much processing power it takes to accomplish the task.

If you're using Windows: When you ctrl/alt/del and view the task manager, if you look at the status bar you'll notice it saying something like "CPU Usage: 17%". The higher that number is, the higher the CPU cost of whatever you have running at that period of time.

You can view it as a metric for page loading time. A higher CPU cost = a slower loading page.

Is there a way to validate an email address only if that field has been feeled?

Yup :) I'll use the validation code I used above, but I have not got any site where I use a system like this, so don't just assume that it's the one to use. Read the thread that eelixduppy linked above. 
$to = '';
if(isset($_POST['email_one']) && !empty($_POST['email_one'])) {
  if(preg_match('/^([^@]+)@[a-z0-9][a-z0-9\-]{1,62}(\.[a-z]{2,4}|\.[a-z]{2,3}\.[a-z]{2})$/i', $_POST['email_one'], $out)) {
    if(filter_var($out[1], FILTER_VALIDATE_EMAIL, array('flags' => FILTER_NULL_ON_FAILURE))) {
      $com = (empty($to))? '' : ', ';
      $to .= $com . $out[0];
    } else {
      // Error
    }
  } else {
    // Error
  }
}

Adam_Gold

9:50 am on Apr 28, 2010 (gmt 0)

10+ Year Member



I mean validation before it comes to the server,
in the form itself before it's submitted.

This is the form I'm using:

<input type="text" name="name" value="" size="20" tooltipText="Type in your first & last name in this box"/>

<input type="text" name="friend1" value="" size="20" tooltipText="Type in the email address of the first friend you want to help. We will never sell or distribute his email address."/>

<input type="text" name="friend2" value="" size="20" tooltipText="Type in the email address of the first friend you want to help. We will never sell or distribute his email address."/>

<input type="text" name="friend3" value="" size="20" tooltipText="Type in the email address of the first friend you want to help. We will never sell or distribute his email address."/>

So how do I validate each field, before it's submitted, but only if it's filled out?

Thanks again!

Readie

11:46 am on Apr 28, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hmm, try this: 

<form name="blah" method="post" action="/blah" [b]onsubmit="return paginate(this)"[/b]>
<input type="text" name="email_one" [b]id="email_one"[/b] />
<input type="text" name="email_two" [b]id="email_two"[/b] />
<input type="submit" />
</form>
<script type="text/javascript">

var emailone = document.getElementById("email_one").value;
var emailtwo = document.getElementById("email_two").value;
var emailpattern = "/^([^@]+)@[a-z0-9][a-z0-9\-]{1,62}(\.[a-z]{2,4}|\.[a-z]{2,3}\.[a-z]{2})$/i";
var val = 1;

function paginate(form) {
  if(emailone != NULL && emailone != "") {
    if(!emailpattern.test(emailone)) {
      return false;
      alert("Error:\nInvalid E-mail address entered in the first text box.");
      val = 2;
    }
  }
  if(val != 2 && emailtwo != NULL && emailtwo != "") {
    if(!emailpattern.test(emailtwo)) {
      return false;
      alert("Error:\nInvalid E-mail address entered in the second text box.");
      val = 2;
    }
  }
}

</script>

Adam_Gold

12:01 pm on Apr 28, 2010 (gmt 0)

10+ Year Member



tried it.

Nothing happens :(

Thanks anyway my friend

anyone else have ideas?

Readie

12:09 pm on Apr 28, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It's most likely me having made an error in the JavaScript somewhere. It really isn't my strong point :)

Ask in the JavaScript forums - you'll most likely get an answer there pretty quickly.

Adam_Gold

12:16 pm on Apr 28, 2010 (gmt 0)

10+ Year Member



ok great.

will that prevent the hijacking spammers also?

Readie

12:18 pm on Apr 28, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



JavaScript alone cannot protect you from malicious intent: The only reason to include it is it happens client side, so there's no cost to your server when a user enters incorrect data.

Adam_Gold

12:34 pm on Apr 28, 2010 (gmt 0)

10+ Year Member



Got it.
So what EXACTLY should I put in the php script to protect it?

this is the code I'm using:

<?php
$to = $_POST["friend1"];
$subject = $head;
$body = $message;
$headers = "From: adam.goldman@example.com";
if (mail($to, $subject, $body, $headers)) {
echo("<p>Your invitation has been sent to </p>");
} else {
echo("<p>There was an error sending your invitation to </p>");
}
?>

[edited by: eelixduppy at 1:10 pm (utc) on Apr 28, 2010]
[edit reason] exemplified [/edit]

Readie

12:53 pm on Apr 28, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Read some of the earlier posts, the example I wrote above denotes a method of protection.

Permalink [webmasterworld.com]
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 3:26 pm Apr 28, 2026