Monday, July 4, 2011

PHP ADVANCED

PHP Simple E-Mail

The simplest way to send an email with PHP is to send a text email.

In the example below we first declare the variables ($to, $subject, $message, $from, $headers), then we use the variables in the mail() function to send an e-mail:


<?php
$to = "someone@example.com";
$subject = "Test mail";
$message = "Hello! This is a simple email message.";
$from = "someonelse@example.com";
$headers = "From:" . $from;
mail($to, $subject, $message, $headers);
echo "Mail Sent.";
?>



PHP Mail Form

With PHP, you can create a feedback-form on your website. The example below sends a text message to a specified e-mail address:


<html>
<body>

<?php
if (isset($_REQUEST['email']))
//if "email" is filled out, send email
{
    //send email
    $email = $_REQUEST['email'];
    $subject = $_REQUEST['subject'];
    $message = $_REQUEST['message'];
    mail("someone@example.com", "$subject",
        $message, "From:" . $email);
    echo "Thank you for using our mail form";
}
else
//if "email" is not filled out, display the form
{
    echo "<form method='post' action='mailform.php'>
    Email: <input name='email' type='text' />
    Subject: <input name='subject' type='text' />
    Message:<br />
    <textarea name='message' rows='15' cols='40'>
    </textarea>
    <input type='submit' />
    </form>";
}
?>

</body>
</html>



This is how the example above works:

* First, check if the email input field is filled out
* If it is not set (like when the page is first visited), output the HTML form
* If it is set (after the form is filled out), send the email from the form
* When submit is pressed after the form is filled out, the page reloads, sees that the email input is set, and sends the email.

PHP E-mail Injections


<html>
<body>

<?php
if (isset($_REQUEST['email']))
//if "email" is filled out, send email
{
    //send email
    $email = $_REQUEST['email'];
    $subject = $_REQUEST['subject'];
    $message = $_REQUEST['message'];
    //the submitted email value goes into the From header unchecked
    mail("someone@example.com", "Subject: $subject",
        $message, "From: $email");
    echo "Thank you for using our mail form";
}
else
//if "email" is not filled out, display the form
{
    echo "<form method='post' action='mailform.php'>
    Email: <input name='email' type='text' />
    Subject: <input name='subject' type='text' />
    Message:
    <textarea name='message' rows='15' cols='40'>
    </textarea><br />
    <input type='submit' />
    </form>";
}
?>

</body>
</html>



PHP Stopping E-mail Injections

The best way to stop e-mail injections is to validate the input.

The code below is the same as in the previous chapter, but now we have added an input validator that checks the email field in the form:


<html>
<body>
<?php
function spamcheck($field)
{
    //filter_var() sanitizes the e-mail
    //address using FILTER_SANITIZE_EMAIL
    $field = filter_var($field, FILTER_SANITIZE_EMAIL);

    //filter_var() validates the e-mail
    //address using FILTER_VALIDATE_EMAIL
    if (filter_var($field, FILTER_VALIDATE_EMAIL))
    {
        return TRUE;
    }
    else
    {
        return FALSE;
    }
}

if (isset($_REQUEST['email']))
{//if "email" is filled out, proceed

    //check if the email address is invalid
    $mailcheck = spamcheck($_REQUEST['email']);
    if ($mailcheck == FALSE)
    {
        echo "Invalid input";
    }
    else
    {//send email
        //use the sanitized address, the same value spamcheck() validated,
        //so no line breaks from the form reach the From header
        $email = filter_var($_REQUEST['email'], FILTER_SANITIZE_EMAIL);
        $subject = $_REQUEST['subject'];
        $message = $_REQUEST['message'];
        mail("someone@example.com", "Subject: $subject",
            $message, "From: $email");
        echo "Thank you for using our mail form";
    }
}
else
{//if "email" is not filled out, display the form
    echo "<form method='post' action='mailform.php'>
    Email: <input name='email' type='text' />
    Subject: <input name='subject' type='text' />
    Message:<br />
    <textarea name='message' rows='15' cols='40'>
    </textarea>
    <input type='submit' />
    </form>";
}
?>

</body>
</html>
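
Added example, not part of the original post: spamcheck() validates a sanitized copy of the address, so the value it approves and the value submitted by the form can differ. The hypothetical helper build_from_header() below rejects any value that contains a line break and returns only the address that passed validation; all sample addresses are constructed.

```php
<?php
// Added example, not code from the original post.
// All addresses below are constructed samples.

// The validator from the page: sanitizes a local copy, then validates that copy.
function spamcheck($field)
{
    $field = filter_var($field, FILTER_SANITIZE_EMAIL);
    return (bool) filter_var($field, FILTER_VALIDATE_EMAIL);
}

// Hypothetical stricter helper: refuse line breaks outright, validate the
// value exactly as submitted, and return the header line (or null).
function build_from_header($raw)
{
    if (!is_string($raw) || preg_match('/[\r\n]/', $raw)) {
        return null; // a header value must stay on a single line
    }
    $address = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $address === false ? null : "From: " . $address;
}

$samples = array(
    "visitor@example.com",      // ordinary address
    "visitor@exam\r\nple.com",  // line break hidden inside the value
    "not-an-address",           // not an e-mail address at all
);

foreach ($samples as $raw) {
    $header = build_from_header($raw);
    printf(
        "%-28s spamcheck=%-5s raw_has_linebreak=%-5s strict=%s\n",
        json_encode($raw), // shows \r\n as visible escapes
        var_export(spamcheck($raw), true),
        var_export((bool) preg_match('/[\r\n]/', $raw), true),
        $header === null ? "rejected" : $header
    );
}
```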



Create an Upload-File Form

Allowing users to upload files from a form can be very useful.

Look at the following HTML form for uploading files:


<html>
<body>

<form action="upload_file.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>

</body>
</html>



How to Create a Cookie?

The setcookie() function is used to set a cookie.

Note: The setcookie() function must appear BEFORE the <html> tag.


Example 1

<?php
//the cookie expires after one hour
setcookie("user", "Alex Porter", time()+3600);
?>

<html>
.....

Example 2

<?php
//the cookie expires after 30 days
$expire=time()+60*60*24*30;
setcookie("user", "Alex Porter", $expire);
?>

<html>
.....



Basic Use of Exceptions

When an exception is thrown, the code following it will not be executed, and PHP will try to find the matching "catch" block.

If an exception is not caught, a fatal error will be issued with an "Uncaught Exception" message.


<?php
//create function with an exception
function checkNum($number)
{
    if ($number > 1)
    {
        throw new Exception("Value must be 1 or below");
    }
    return true;
}

//trigger exception
checkNum(2);
?>



Functions and Filters

To filter a variable, use one of the following filter functions:

* filter_var() - Filters a single variable with a specified filter
* filter_var_array() - Filters several variables with the same or different filters
* filter_input() - Gets one input variable and filters it
* filter_input_array() - Gets several input variables and filters them with the same or different filters


<?php
$int = 123;

//filter_var() returns FALSE on failure; compare with === so that
//a valid value of 0 is not reported as invalid
if (filter_var($int, FILTER_VALIDATE_INT) === false)
{
    echo("Integer is not valid");
}
else
{
    echo("Integer is valid");
}
?>



THANK YOU