Anyone any good with email forms

ecreative

I really need help making a emailing script that sends emails via a script to all my members. below is the code i use to process the emails, which currenly makes it so I have to add each email on its own. But I have an SQL database with all the emails stored.

So I need to know how to get the database to work with this script.

<?php
// multiple recipients
$to = 'aidan@example.com' . ', '; // note the comma
$to .= 'wez@example.com';
// subject
$subject = 'to be added';
// message
$message = 'to be added';
// To send HTML mail, the Content-type header must be set
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Additional headers
$headers .= 'From: Everything Creative <noreply@everythingcreative.co.uk>' . "\r\n";
// Mail it
mail($to, $subject, $message, $headers);
?>

Someone please help!

Kudose

This should help you out a little...

<?php
  //edit the column and table name
  $sql = mysql_query("SELECT emailaddress FROM table");
  while($fetch = mysql_fetch_array($sql)){
    //edit the column name to match above
    $to = $fetch['emailaddress'];
    //edit Your Name and YOUR@EMAIL.COM only -- OE headers for Hotmail acceptance
    $from = "FROM: Your Name\r\nREPLY-TO: YOUR@EMAIL.COM"
            	."\r\nX-MSMail-Priority: High"
            	."\r\nX-Mailer: Microsoft Outlook Express 6.00.2900.2180"
            	."\r\nX-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180"
            	."\r\nContent-type: text/html; charset=iso-8859-1\r\n";
    //edit the subject
    $subject = "Message Subject";
    //edit the message --- can be pulled from DB
    $message = "Your message here.";
    if(mail($to, $subject, $message, $from))
      echo 'Message sent to: '.$to;
    else
      echo 'Message NOT sent to: '.$to;
  }
?>

Nugen

both of the above examples are capable of having header injects if the variables for subject, msg, sender go unchecked.

here's an example of checking these fields for injections. you can call this function on any variable. use this function before forming your headers on the raw submitted fields.

it returns 1 if the variable pass's and 0 if it is finds an injection.

function SMTPInjectCheck($T_DATA_CLEAN) 
{
	if (!empty($T_DATA_CLEAN)) {
		//check for header injection
		$T_DATA_CLEAN=str_replace("%20", " ", $T_DATA_CLEAN);
		if (eregi("\r", $T_DATA_CLEAN) || eregi("\n", $T_DATA_CLEAN) || eregi("Content-", $T_DATA_CLEAN)){
			return 0;
		} else {
			return 1;
		}
	} else {
 		//empty 
		return 1;
	}
}