Blogging

When it comes to choosing an anti-virus program or a security program for your computer there really are a lot of programs to choose from. What many people don’t know is which security program will work best for their computer. A lot really does depend on what you use your computer for.For

For example, if you or someone in your household uses the computer to download various computer games than you will need to choose a program that will spot a problem before or during the downloading process. You also want to find a virus program that will not interfere with your game while you are playing on line if this is what you like to do. Some just end up turning the anti virus firewall off so that it no longer interferes with their game. The problem is that your computer is no longer safe and protected.

A good option for those who like to play online games is the Avira Premium Security Suite. It only requires a few your computers resources but gives you the best protection. Basically, this means that it will not interfere with your game while scanning your computer during game lay. All you have to do is make sure that you set the security settings to game mode before you begin to play. For more information, you can visit their website at

If you want to be warned before you even enter a website then you should try the McAfee Site Advisor. This program will help to protect you from exposure to sites that have dangerous programs that can cause serious damage to your computer. It will also automatically update itself so that you will be able to get warnings on even the newest sites.

For more information, you can visit www.avira.com. If you are more concerned about the threat of bots and botnets, then you would want to try Symantec’s Norton Antibot program. This program will scan your computer while you are online and find the bots before they begin to dismantle your computer. This program also will work with any existing antivirus program that you currently have on your computer. www.siteadvisor.com.

If you want to try something that is free you can give the Secunia Software Inspector a try. You can visit www.secunia.com to find out what computer requirements you need for this program. This program will scan your computer for software vulnerabilities, and give you some tips and instructions on how to repair those vulnerabilities.

It is also pretty easy for anyone to use. Of course, when it comes to using anything for free you still want to be cautious, especially when it comes to downloading programs from the internet. Last but certainly not least on the list is the McAfee Virus Scan program. They offer daily virus updates which include adware and spyware detection and removal.

I must say that the McAfee virus program is one of the easiest that I have ever used and has worked well even when I am constantly on the internet. The bottom line when it comes to security programs for your computer you really do have to take the time to do your research and find out which one will be best suited for you and your family.

PHP makes creating a text file simple. All we need to do is open the file, write some contents, then close it.

  1. <?php
  2.    $file = fopen(“test.txt”, “w+”); // Open the file
  3.    fwrite($file, “Hello World!”);   // Write to the file
  4.    fclose($file);                   // Close the file
  5. ?>

PHP PDO

What is PHP PDO

PHP Data Objects is a object oriented approach to databases and an abstraction layer. PDO was originally a PECL extension but it was moved into the PHP base in version 5.1 providing a standardised way of accessing and manipulating databases.

Why use PDO

Using PDO has a number of advantages:

  1. Store database connections in an object
  2. Escape sql depending on the database back end automatically
  3. Creates portable code
  4. Verifies SQL syntax before executing the statement
  5. Verifies variable types (Whether inverted commas are needed or not)
  6. Standardised database access provides a method for porting your code to multiple database platforms

Connect to the database

Connecting to the database is easy. All we need to do is create a new instance of the PDO object.

PDO  ( string $dsn  [, string $username  [, string $password  [, array $driver_options  ]]] )

To create a PDO object we need a DSN, and optionally a user name and password.

DSN – Database Source Name

DSN’s are way of describing a database connection usually used with abstraction layers like PDO and ODBC. DSN’s usually contain:

  1. The database driver
  2. The database host
  3. The database name

Mysql Example

This example connects to a MySQL database, on localhost and using the database called “db”.

  1. $db_conn = new PDO(“mysql:host=localhost;dbname=db”, $username, $password);

SQLite Example

This example connects to a SQLite database in the same folder as PHP’s current working directory. More SQLite examples available here.

  1. $db_conn = new PDO(“sqlite:test_database”););

PostgreSQL Example

This example connects to a PostGreSQL database called “test_database” on localhost using $username, and $password.

  1. $db_conn = new PDO(“pgsql:dbname=test_database;user=” . $username . “;password=” . $password . “;host=localhost”);

Your first query

Queries using PDO are best done by connecting to the database, preparing your query, executing it, then fetching the results. This simple query connects to a Mysql server, on localhost, with a database named “db” using $username and $password as username and password respectively.

  1. <?php
  2. $db_conn = new PDO(“mysql:host=localhost;dbname=db”, $username, $password); // Connect to the database
  3. $query = $db_conn->prepare(“select * from users order by last_name”);       // Create a prepared statement
  4. $query->execute();                                                          // Execute the query
  5. while($row = $query->fetch())                                               // Loop through the results
  6. {
  7.    var_dump($row);                                                          // Dump the results to output
  8. }
  9. ?>

Queries with variables

Even though I could easily string concatenation to create a dynamic where clause in the previous query, we can’t do this safely because we would be vulnerable to SQL injection attacks what can leave us losing data, or worse, people running arbitrary queries on your database.

Prepared statements are a feature in some database abstraction layers which increase security by allowing us to create a template SQL query which will be tested against the database to check for syntax errors, and then escape any variables we want to use in the template. This is important because it gives us a way of escaping the SQL based on the PDO driver that we are using without needing to know what the DBMS servers SQL escaping requirements are.

Variables in prepared statements can be defined as a “?” symbol or a text with a prefixed colon (eg “:test”).

  1. <?php
  2. $db_conn = new PDO(“mysql:host=localhost;dbname=db”, $username, $password);                  // Connect to the database
  3. $query = $db_conn->prepare(“select * from users where first_name=:name order by last_name”); // Create a prepared statement with the variable “:name”
  4. $query->bindParam(“:name”, $name);                                                          // Set the template variable “:name” to the PHP variable $name
  5. $query->execute();                                                                           // Execute the query
  6. while($row = $query->fetch())                                                                // Loop through the results
  7. {
  8.    var_dump($row);                                                                           // Dump the results to output
  9. }
  10. ?>

Database Rows

The results from your PDO using the fetch method will be returned as an array containing two versions of data, the first being an indexed array, and the second will be an associative array with the key being the name of the column.

  1. <?php
  2. $db_conn = new PDO(“mysql:host=localhost;dbname=db”, $username, $password);                     // Connect to the database
  3. $query = $db_conn->prepare(“select first_name, last_name from users where first_name=’Leigh'”); // Create a prepared statement
  4. $query->execute();                                                                              // Execute the query
  5. while($row = $query->fetch())                                                                   // Loop through the results
  6. {
  7.    var_dump($row);                                                                              // Dump the results to output
  8. }
  9. ?>

Returns

array(4) {
  [0]=>
  string(5) "Leigh"
  [1]=>
  string(5) "Finch"
  ["first_name"]=>
  string(5) "Leigh"
  ["last_name"]=>
  string(5) "Finch"
}

Associative results

While having both sets of data can be an advantage, it can be a waste of memory and reduce performance when manipulating large result sets. To reduce the memory footprint of a script it can be useful to return only the associative array, this can be done by passing the PDO associative array constant to fetch (PDO::FETCH_ASSOC).

One of the major advantages of having associative results as opposed to indexed results is that your code will be able to handle changes to the database schema without modification so your code will retain data independence.

  1. <?php
  2. $db_conn = new PDO(“mysql:host=localhost;dbname=db”, $username, $password);                     // Connect to the database
  3. $query = $db_conn->prepare(“select first_name, last_name from users where first_name=’Leigh'”); // Create a prepared statement
  4. $query->execute();                                                                              // Execute the query
  5. while($row = $query->fetch(PDO::FETCH_ASSOC))                                                   // Loop through the results
  6. {
  7.    var_dump($row);                                                                              // Dump the results to output
  8. }
  9. ?>

Returns

array(2) {
  ["first_name"]=>
  string(5) "Leigh"
  ["last_name"]=>
  string(5) "Finch"
}

Create PDF

Why create a PDF in PHP

Creating PDF’s in PHP allows us to dynamically create great looking dynamic documents that will look the same no matter what platform the end user is using. Typical uses for this can be creating invoices, advertisments, and various other personalized documents.

How do we create a PDF in PHP

There are a number of options for creating PDF’s in PHP, some are free like FPDF, some are not like pdflib, this tutorial will focus on the excellent FPDF library.

FPDF website

What is FPDF

FPDF is a pure PHP PDF library, meaning that it has been written from the ground up in PHP and has no external dependancies.

Downloading FPDF

Go to the download section of the FPDF website, create a folder on your webserver called fpdf, and unzip the contents of the download there.

Creating your first PDF

This example will create a PDF and write ‘Hello World!’.

  1. <?php
  2.          require(“fpdf/fpdf.php”);            // Load the fpdf library
  3.          $pdf=new FPDF();                     // Create a new instance of the fpdf object
  4.          $pdf->AddPage();                     // Add Page 1
  5.          $pdf->SetFont(‘Arial’,,12);        // Set the font to Arial, no bold, italics or underline, 12 point
  6.          $pdf->SetXY(85, 145);                // Move the current co-ordinates for the write
  7.          $pdf->Cell(40,6,‘Hello World!’);     // Create a text cell, 40mm wide, 6mm high, with the text “Hello World!”
  8.          $pdf->Output();                      // Output the PDF
  9. ?>
  • Line 2: Include the FPDF library so that we can use it.
  • Line 4: Create a new instance of an FPDF object which we will name $pdf.
  • Line 5: Create the first page
  • Line 7: Set the font to Arial, using 12 point
  • Line 8: Set the cordinates to create the cell to 85mm across and 145 mm down
  • Line 9: Create a cell and write “Hello World!”
  • Line 11: Out put the PDF and the appropriate PDF HTTP headers

Adding an image

To Add an image we need to use the fpdf image method. FPDF supports PNG and JPEG formats, that are on the local file system. If you want to use an image from a different source such as raw GD data you will need to output the pdf to a temp file, and then reference that temp file in the the FPDF image method.

For PNG images the alpha channel is not supported (transparency).

Image(string file, float x, float y [, float w [, float h [, string type [, mixed link]]]])
  1. <?php
  2.         require(“fpdf/fpdf.php”);            // Load the fpdf library
  3.         $pdf=new FPDF();                     // Create a new instance of the fpdf object
  4.         $pdf->AddPage();                     // Add Page 1
  5.         $pdf->Image(“php.png”, 40, 40);      // Place the file php.png 40 mm across, and 40 mm down the page
  6.         $pdf->Output();                      // Output the PDF
  7. ?>

Troubleshooting

Alpha channel is present

FPDF does not support the alpha channel/transparency, resave the image without an alpha channel.

Error:

FPDF error: Alpha channel not supported: php.png

Pear Mail

What is the Pear Mail extension

The Pear mail extension is an easy object oriented approach to sending email with PHP.

It can allow you to send multi-part MIME email without needing to know how things like boundaries and mime types work.

Why

PHP already has the command mail which can send email, and it’s already built into the base of PHP.

This method is good, and I have used it many times, but in order to send complex emails including attachments and protect against mail header injection attacks, you need to have an in depth understanding of how email and MIME works.

The Pear Mail extension allows us to do this easily, quickly, and more importantly, it has been tested thoroughly, probably more so than any email code that we write.

Installing the Pear mail extension

If you already have pear installed on your server, you can install the pear mail extension by entering the following command.

# pear install mail
# pear install Net_SMTP
# pear install mail_mime

This will put the libraries that we need to use in PHP’s include path for your operating system.

Sending your first email

This example shows how to create an email which will display html in html capable email clients, and text in non capable email clients.

  1. <?
  2.         include(‘Mail.php’);
  3.         include(‘Mail/mime.php’);
  4.         // Constructing the email
  5.         $sender = “Leigh <leigh@no_spam.net>”;                              // Your name and email address
  6.         $recipient = “Leigh <leigh@no_spam.net>”;                           // The Recipients name and email address
  7.         $subject = “Test Email”;                                            // Subject for the email
  8.         $text = ‘This is a text message.’;                                  // Text version of the email
  9.         $html = ‘<html><body><p>This is a html message</p></body></html>’;  // HTML version of the email
  10.         $crlf = \n;
  11.         $headers = array(
  12.                         ‘From’          => $sender,
  13.                         ‘Return-Path’   => $sender,
  14.                         ‘Subject’       => $subject
  15.                         );
  16.         // Creating the Mime message
  17.         $mime = new Mail_mime($crlf);
  18.         // Setting the body of the email
  19.         $mime->setTXTBody($text);
  20.         $mime->setHTMLBody($html);
  21.         $body = $mime->get();
  22.         $headers = $mime->headers($headers);
  23.         // Sending the email
  24.         $mail =& Mail::factory(‘mail’);
  25.         $mail->send($recipient, $headers, $body);
  26. ?>

Adding attachments

Adding one attachment

Adding 1 or many attachments is easy, adding the attachment is done by calling the addAttachment method, This method can be called multiple times to add multiple attachemnts.

boolean addAttachment (string $file, string [$c_type = 'application/octet-stream'], string [$name = ], boolean [$isfile = TRUE], string [$encoding = 'base64'])

Variables:

  1. $file: either the variable containing the content of a file, or the path of the file itself
  2. $c_type: content type, meaning the mime type of file eg. text/plain, text/csv, Application/pdf
  3. $name: The name of the file as you want it to appear in the email, this should be unique
  4. $isFile: whether the variable $file is the path to the file, or the content of the file
  5. $encoding: This should usually be left as the default unless you know what you are doing

Attachments can be either stored in a variable, or in a file on the servers file system. in this first example I will create a small text file named ‘hello text.txt’, with the words ‘Hello World!’ in it.

  1. <?
  2.         include(‘Mail.php’);
  3.         include(‘Mail/mime.php’);
  4.         // Constructing the email
  5.         $sender = “Leigh <leigh@no_spam.net>”;                              // Who your name and email address
  6.         $recipient = “Leigh <leigh@no_spam.net>”;                           // The Recipients name and email address
  7.         $subject = “Test Email”;                                            // Subject for the email
  8.         $text = ‘This is a text message.’;                                  // Text version of the email
  9.         $html = ‘<html><body><p>This is a html message</p></body></html>’;  // HTML version of the email
  10.         $crlf = \n;
  11.         $headers = array(
  12.                         ‘From’          => $sender,
  13.                         ‘Return-Path’   => $sender,
  14.                         ‘Subject’       => $subject
  15.                         );
  16.         // Creating the Mime message
  17.         $mime = new Mail_mime($crlf);
  18.         // Setting the body of the email
  19.         $mime->setTXTBody($text);
  20.         $mime->setHTMLBody($html);
  21.         // Add an attachment
  22.         $file = “Hello World!”;                                      // Content of the file
  23.         $file_name = “Hello text.txt”;                               // Name of the Attachment
  24.         $content_type = “text/plain”;                                // Content type of the file
  25.         $mime->addAttachment ($file, $content_type, $file_name, 0);  // Add the attachment to the email
  26.         $body = $mime->get();
  27.         $headers = $mime->headers($headers);
  28.         // Sending the email
  29.         $mail =& Mail::factory(‘mail’);
  30.         $mail->send($recipient, $headers, $body);
  31. ?>

Adding multiple attachments

As in the previous section, adding multiple attachments is as rasy as calling addAttachment again. In this example I will send an email with two text attachments.

  1. <?
  2.         include(‘Mail.php’);
  3.         include(‘Mail/mime.php’);
  4.         // Constructing the email
  5.         $sender = “Leigh <leigh@no_spam.net>”;                              // Who your name and email address
  6.         $recipient = “Leigh <leigh@no_spam.net>”;                           // The Recipients name and email address
  7.         $subject = “Test Email”;                                            // Subject for the email
  8.         $text = ‘This is a text message.’;                                  // Text version of the email
  9.         $html = ‘<html><body><p>This is a html message</p></body></html>’;  // HTML version of the email
  10.         $crlf = \n;
  11.         $headers = array(
  12.                         ‘From’          => $sender,
  13.                         ‘Return-Path’   => $sender,
  14.                         ‘Subject’       => $subject
  15.                         );
  16.         // Creating the Mime message
  17.         $mime = new Mail_mime($crlf);
  18.         // Setting the body of the email
  19.         $mime->setTXTBody($text);
  20.         $mime->setHTMLBody($html);
  21.         // Add an attachment
  22.         $file = “Hello World!”;                                      // Content of the file
  23.         $file_name = “Hello text.txt”;                               // Name of the Attachment
  24.         $content_type = “text/plain”;                                // Content type of the file
  25.         $mime->addAttachment ($file, $content_type, $file_name, 0);  // Add the attachment to the email
  26.         // Add a second attachment
  27.         $file = “Hello World! Again :)”;                             // Content of the file
  28.         $file_name = “Hello text 2.txt”;                             // Name of the Attachment
  29.         $content_type = “text/plain”;                                // Content type of the file
  30.         $mime->addAttachment ($file, $content_type, $file_name, 0);  // Add the attachment to the email
  31.         $body = $mime->get();
  32.         $headers = $mime->headers($headers);
  33.         // Sending the email
  34.         $mail =& Mail::factory(‘mail’);
  35.         $mail->send($recipient, $headers, $body);
  36. ?>

Adding an attachment from the file system

Adding an attachment from the file system is easy, instead of specifying the contents of the file, we enter the path to the file and change the $isFile variable. In this example I will attach a PDF called ‘example.pdf’ which is located in the same folder as this script.

  1. <?
  2.         include(‘Mail.php’);
  3.         include(‘Mail/mime.php’);
  4.         // Constructing the email
  5.         $sender = “Leigh <leigh@no_spam.net>”;                              // Who your name and email address
  6.         $recipient = “Leigh <leigh@no_spam.net>”;                           // The Recipients name and email address
  7.         $subject = “Test Email”;                                            // Subject for the email
  8.         $text = ‘This is a text message.’;                                  // Text version of the email
  9.         $html = ‘<html><body><p>This is a html message</p></body></html>’;  // HTML version of the email
  10.         $crlf = \n;
  11.         $headers = array(
  12.                         ‘From’          => $sender,
  13.                         ‘Return-Path’   => $sender,
  14.                         ‘Subject’       => $subject
  15.                         );
  16.         // Creating the Mime message
  17.         $mime = new Mail_mime($crlf);
  18.         // Setting the body of the email
  19.         $mime->setTXTBody($text);
  20.         $mime->setHTMLBody($html);
  21.         // Add an attachment
  22.         $file = “example.pdf”;                                       // Content of the file
  23.         $file_name = “example.pdf”;                                  // Name of the Attachment
  24.         $content_type = “Application/pdf”;                           // Content type of the file
  25.         $mime->addAttachment ($file, $content_type, $file_name, 1);  // Add the attachment to the email
  26.         $body = $mime->get();
  27.         $headers = $mime->headers($headers);
  28.         // Sending the email
  29.         $mail =& Mail::factory(‘mail’);
  30.         $mail->send($recipient, $headers, $body);
  31. ?>

Notice specifically in this example that I kept the file name in the email the same as the original, although I could just as easily change it. Additionally the the last variable in the method addAttachment was 1, this is to tell it that $file is the path to the file.

Sending to multiple recipients

The Pear mail package can accept an array of recipients or a list opf comma separated email addresses. In this example we will use an array called $recipients.

For the best performance sending to multiple recipients we should use SMTP as it only has to connect to the SMTP server once.

  1. <?
  2.         include(‘Mail.php’);
  3.         include(‘Mail/mime.php’);
  4.         // Constructing the email
  5.         $sender = “Leigh <leigh@no_spam.net>”;                              // Who your name and email address
  6.         $recipients = array();
  7.         $recipients[] = “Leigh account 1 <leigh_1@no_spam.net>”;            // Recipient name and email address
  8.         $recipients[] = “Leigh account 2 <leigh_2@no_spam.net>”;            // Recipient name and email address
  9.         $subject = “Test Email”;                                            // Subject for the email
  10.         $text = ‘This is a text message.’;                                  // Text version of the email
  11.         $html = ‘<html><body><p>This is a html message</p></body></html>’;  // HTML version of the email
  12.         $crlf = \n;
  13.         $headers = array(
  14.                         ‘From’          => $sender,
  15.                         ‘Return-Path’   => $sender,
  16.                         ‘Subject’       => $subject
  17.                         );
  18.         // Creating the Mime message
  19.         $mime = new Mail_mime($crlf);
  20.         // Setting the body of the email
  21.         $mime->setTXTBody($text);
  22.         $mime->setHTMLBody($html);
  23.         $body = $mime->get();
  24.         $headers = $mime->headers($headers);
  25.         // Sending the email
  26.         $mail =& Mail::factory(‘mail’);
  27.         $mail->send($recipients, $headers, $body);
  28. ?>

Sending using SMTP

This example shows how to send an email using SMTP instead of the built in PHP mail() function. This is useful if you want to send using a remote server.

  1. <?
  2.         include(‘Mail.php’);
  3.         include(‘Mail/mime.php’);
  4.         // Constructing the email
  5.         $sender = “Leigh <leigh@no_spam.net>”;                                  // Your name and email address
  6.         $recipient = “Leigh <leigh@no_spam.net>”;                               // The Recipients name and email address
  7.         $subject = “Test Email”;                                                // Subject for the email
  8.         $text = ‘This is a text message.’;                                      // Text version of the email
  9.         $html = ‘<html><body><p>This is a html message</p></body></html>’;      // HTML version of the email
  10.         $crlf = \n;
  11.         $headers = array(
  12.                         ‘From’          => $sender,
  13.                         ‘Return-Path’   => $sender,
  14.                         ‘Subject’       => $subject
  15.                         );
  16.         // Creating the Mime message
  17.         $mime = new Mail_mime($crlf);
  18.         // Setting the body of the email
  19.         $mime->setTXTBody($text);
  20.         $mime->setHTMLBody($html);
  21.         // Add an attachment
  22.         $file = “Hello World!”;
  23.         $file_name = “Hello text.txt”;
  24.         $content_type = “text/plain”;
  25.         $mime->addAttachment ($file, $content_type, $file_name, 0);
  26.         // Set body and headers ready for base mail class
  27.         $body = $mime->get();
  28.         $headers = $mime->headers($headers);
  29.         // SMTP params
  30.         $smtp_params[“host”] = “smtp.example.com”; // SMTP host
  31.         $smtp_params[“port”] = “25”;               // SMTP Port (usually 25)
  32.         // Sending the email using smtp
  33.         $mail =& Mail::factory(“smtp”, $smtp_params);
  34.         $result = $mail->send($recipient, $headers, $body);
  35.         if($result === 1)
  36.         {
  37.           echo(“Your message has been sent!”);
  38.         }
  39.         else
  40.         {
  41.           echo(“Your message was not sent: “ . $result);
  42.         }
  43. ?>

Sending using authenticated SMTP

This example shows how to send an email using SMTP authentication. This particular example uses gmail to send. Gmails requirements for sending via SMTP are SMTP authentication with TLS. Fortunately, when we use authentication with Pear Mail, the connection is automatically TLS.

The difference between This example, and the previous example just using SMTP is the addition of the following SMTP parameters.

$smtp_params["auth"]     = true;
$smtp_params["username"] = "user@gmail.com";
$smtp_params["password"] = "pass";
  1. <?
  2.         include(‘Mail.php’);
  3.         include(‘Mail/mime.php’);
  4.         // Constructing the email
  5.         $sender = “user@gmail.com”;                                             // Your email address
  6.         $recipient = “Leigh <leigh@no_spam.net>”;                               // The Recipients name and email address
  7.         $subject = “Test Email”;                                                // Subject for the email
  8.         $text = ‘This is a text message.’;                                      // Text version of the email
  9.         $html = ‘<html><body><p>This is a html message</p></body></html>’;      // HTML version of the email
  10.         $crlf = \n;
  11.         $headers = array(
  12.                         ‘From’          => $sender,
  13.                         ‘Return-Path’   => $sender,
  14.                         ‘Subject’       => $subject
  15.                         );
  16.         // Creating the Mime message
  17.         $mime = new Mail_mime($crlf);
  18.         // Setting the body of the email
  19.         $mime->setTXTBody($text);
  20.         $mime->setHTMLBody($html);
  21.         // Add an attachment
  22.         $file = “Hello World!”;
  23.         $file_name = “Hello text.txt”;
  24.         $content_type = “text/plain”;
  25.         $mime->addAttachment ($file, $content_type, $file_name, 0);
  26.         // Set body and headers ready for base mail class
  27.         $body = $mime->get();
  28.         $headers = $mime->headers($headers);
  29.         // SMTP authentication params
  30.         $smtp_params[“host”]     = “smtp.gmail.com”;
  31.         $smtp_params[“port”]     = “25”;
  32.         $smtp_params[“auth”]     = true;
  33.         $smtp_params[“username”] = “user@gmail.com”;
  34.         $smtp_params[“password”] = “pass”;
  35.         // Sending the email using smtp
  36.         $mail =& Mail::factory(“smtp”, $smtp_params);
  37.         $result = $mail->send($recipient, $headers, $body);
  38.         if($result === 1)
  39.         {
  40.           echo(“Your message has been sent!”);
  41.         }
  42.         else
  43.         {
  44.           echo(“Your message was not sent: “ . $result);
  45.         }
  46. ?>

Security

One of the major concerns of people sending automated emails using PHP is header injection. Mail header injection is the process of inserting additional fields into the mail headers such as extra “bcc” and “to” fields. This can be used by spammers to utilize your server to send spam and consequently having your server blacklisted by real time blacklists.

Pear mail automatically sanitizes the headers you pass to it so that we don’t have to worry about it. The following code is what is used to sanitize the headers.

  1. /**
  2.  * Sanitize an array of mail headers by removing any additional header
  3.  * strings present in a legitimate header’s value.  The goal of this
  4.  * filter is to prevent mail injection attacks.
  5.  *
  6.  * @param array $headers The associative array of headers to sanitize.
  7.  *
  8.  * @access private
  9.  */
  10. function _sanitizeHeaders(&$headers)
  11. {
  12.   foreach ($headers as $key => $value) {
  13.   $headers[$key] =
  14.     preg_replace(‘=((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*=i’,
  15.       null, $value);
  16.   }
  17. }

Taken from Mail.php authored by Chuck Hagenbuch Copyright (c) 1997-2003 The PHP Group version 2.02 of the PHP license

Troubleshooting

Pear not up to date

If you get the following:

# pear install mail_mime
pear/Mail_Mime requires PEAR Installer (version >= 1.6.0), installed version is 1.4.9
pear/Mail_mimeDecode requires PEAR Installer (version >= 1.6.0), installed version is 1.4.9
pear/Mail_mimeDecode requires package "pear/Mail_Mime" (version >= 1.4.0, excluded versions: 1.4.

Run the following to upgrade Pear and you will be able to install Mail/Mime:

# pear upgrade-all

Pear Channels protocol not up to date

If you get:

# pear install mail
WARNING: channel "pear.php.net" has updated its protocols, use "channel-update pear.php.net" to update

Run the following to update:

# pear channel-update pear.php.net

Emails not being sent

View the return value form the line

$mail->send($recipient, $headers, $body);

eg.

echo($mail->send($recipient, $headers, $body));