This should work

$q1= "SELECT email,name FROM newsletter WHERE validated = 'yes'";
$r1= mysql_query($q1);
$row= mysql_fetch_array($r1,MYSQL_ASSOC);
$email=$row['email'];
echo $email;

Thanks for the advice

I decided to go with something like this:

<? 

include("../../config.php"); 
include("../db-connect.php"); 


if(isset($submit)) 
{ 
if(empty($validated)) 
{ 
echo "<center><br><br><br> Error.<br> Go <a class=TN href=mail.php> back</a> and make your choice. </center>"; 
exit; 
} 
if(empty($message)) 
{ 
echo "<center><br><br><br> You are trying to send blank email. <br> Go <a class=TN href=mail.php> back</a> and write some text. </center>"; 
exit; 
} 

if($_POST[validated] == 'yes') 
{ 
$q1 = "select email, name from newsletter WHERE validated='yes' "; 
$r1 = mysql_query($q1) or die(mysql_error()); 
$name = $r1["name"]; 
} 


elseif($_POST[validated] == 'no') 
{ 
$q1 = "select email, name from newsletter WHERE validated='no' "; 
$r1 = mysql_query($q1) or die(mysql_error()); 
$name = $r1["name"]; 

} 



while($a1 = mysql_fetch_array($r1)) 
{ 
$name = $a1["name"]; 
$message = " Dear $name \n\n\n $message"; 
$from = "From: info@kimberleys.net.au"; 
mail($a1[0], $subject, $message, $from); 

} 
echo "<center><br><br><br>The mail was sent successfully. </center>"; 
unset($validated); 
exit; 
} 
?>

It is working however I am a bit concerned about security.
The script will be installed in a protected directory, do I need to add any code snippets to make it more secure?

Also, am I going to see problems like timeouts if i try and email 100's of members using this script?

You need to be more careful with your checking of incoming variables and quoting of array indices. Also, where does $subject come from?

<?php

include "../../config.php";
include "../db-connect.php";

if (isset($_POST['submit']))
{
	if (empty($_POST['validated'])
		|| !($_POST['validated'] == 'yes' || $_POST['validated'] == 'no'))
	{
		echo "<center><br><br><br> Error.<br> Go <a class=TN href=mail.php> back</a> and make your choice. </center>";
		exit;
	}
	if (empty($_POST['message']))
	{
		echo "<center><br><br><br> You are trying to send blank email. <br> Go <a class=TN href=mail.php> back</a> and write some text. </center>";
		exit;
	}

$query = "SELECT email, name FROM newsletter WHERE validated='{$_POST['validated']}'";
$result = mysql_query($query)
	OR die(mysql_error());

while ($row = mysql_fetch_assoc($result))
{
	$message = " Dear " . $row['name'] . " \n\n\n " . $_POST['message'];
	$from = "From: info@kimberleys.net.au";
	// where does $subject come from?
	mail($row['email'], $subject, $message, $from);
}
echo "<center><br><br><br>The mail was sent successfully. </center>";
exit;
}
?>

Hi,
thanks for the reply

subject and message come from the email form code found below the code I posted.

I am trying to get rid of the /'s that appear when using punctuation in the email by using 'stripslashes'...

But I cant work out the correct format to use here:

 while ($row = mysql_fetch_assoc($result)) 
    { 

    $message = " Dear " . $row['name'] . " \n\n" . $_POST['message']; 
    $from = "From: info@kimberleys.net.au"; 
    // where does $subject come from? 
    mail($row['email'], $subject, $message, $from); 
}

 

Any help would be greatly appreciated.