In school we were told not to use the mail() function for mass mailing. I didn't understand the reason why not with the looping or something like that (please explain if you know why). What other options do I have in order to mail about 5,000 users?
Don't use mail()?
Started by bruder, Dec 11 2007 06:25 AM
3 replies to this topic
#1
Posted 11 December 2007 - 06:25 AM
#2
Guest_Jordan_*
Posted 18 December 2007 - 07:13 AM
I've read that it uses more resources and is slower but I can't find any articles about it. I know that the mail() function can be used in Email Injection hacks as well.
#3
Posted 19 December 2007 - 09:46 AM
It's because of "email injection attacks".
This is where someone using your website abuses your email form to send mail to whoever they want. The PHP mail() function is particularly vulnerable to this - which is why you will have been told not to use it.
It is safe to use it if you understand how injection attacks work and you know how to validate your input. At school, they probably didn't want to take the time to teach you about injection/security/validating input, and they would have to make sure that you all understood it perfectly before letting you put webpages on the internet with potentially vulnerable mail scripts in them.
If you want to send email but don't want the headache of doing the security yourself, there are some packages that will handle the security for you. Zend_Mail, Swift and Pear Mail will do this.
See this page for some more info:
Email Injection - SecurePHP
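The input validation mentioned in the post above, as an added example that is not part of the original thread: a contact-form handler that refuses any header value containing a line break before it reaches mail(). The function names, the form field names and the example.com addresses are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Header values must stay on one line: a CR, LF or NUL in user input
// would let the value continue into a new header line.
function assertSingleLine(string $value, string $field): string
{
    if (preg_match('/[\r\n\0]/', $value) === 1) {
        throw new InvalidArgumentException("$field contains a line break");
    }
    return trim($value);
}

// An address must be single-line and syntactically valid.
function validateAddress(string $value): string
{
    $value = assertSingleLine($value, 'email');
    if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('email is not a valid address');
    }
    return $value;
}

// Hypothetical helper: turn a submitted form into validated mail() arguments.
function buildContactMail(array $form): array
{
    $replyTo = validateAddress($form['email'] ?? '');
    $subject = assertSingleLine($form['subject'] ?? '', 'subject');
    return [
        'to'      => 'webmaster@example.com', // fixed recipient, never taken from the form
        'subject' => $subject,
        'body'    => (string) ($form['message'] ?? ''),
        'headers' => ['From' => 'noreply@example.com', 'Reply-To' => $replyTo],
    ];
}

// Constructed sample submissions: one ordinary, one carrying an extra header line.
$samples = [
    'normal'   => ['email' => 'alice@example.com', 'subject' => 'Hello', 'message' => 'Hi there'],
    'injected' => ['email' => "alice@example.com\r\nBcc: someone@example.net", 'subject' => 'Hello', 'message' => 'Hi'],
];
foreach ($samples as $name => $form) {
    try {
        $m = buildContactMail($form);
        echo "$name: accepted, Reply-To {$m['headers']['Reply-To']}\n";
        // mail($m['to'], $m['subject'], $m['body'], $m['headers']); // array headers need PHP 7.2+
    } catch (InvalidArgumentException $e) {
        echo "$name: rejected ({$e->getMessage()})\n";
    }
}
```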
#4
Guest_NeedHelp_*
Posted 24 January 2008 - 02:58 PM
I've never heard this and always used mail() blindly. Thanks for the info!

