On the Dream In Code forums there's a recent post showing you how to prevent mail() header injections when taking user input, like from a form.

PHP's mail() function is a very useful and powerful function, even to the point that it is very easy to exploit. A way hackers exploit this function is a method called email header injection. [...] I'm sure most of you can already tell that's not going to be pretty since we didn't check the user input and so forth. PHP provides us with functions such as filter_var which will validate user input and either return false if the validation fails or return the filtered data.

He includes an example of using this filtering methods to check the user input for malicious information - validating that the "to" address is a valid email (FILTER_VALIDATE_EMAIL) and a sanitize() method that removes things like newlines, carriage returns and a few other characters.

On NetTuts.com today there's a new tutorial showing you how to send text messages via SMS directly from your script to the user's cell phone.

Text messaging has become extremely widespread throughout the world - to the point where an increasing number of web applications have integrated SMS to notify users of events, sales or coupons directly through their mobile devices. In this tutorial, we will cover the fundamentals of sending text messages with PHP.

Their method "cheats" a little bit and uses an interface many of the cell phone providers offer to their subscribers - a link from an email address to SMS. Most providers have their domains you can send the email to and have it automatically forwarded to the user's cell as a text. Thankfully, this requires nothing more than the mail function to accomplish. They include the sample code and HTML+CSS to make a basic form as well as mention PHPMailer as a more powerful mailing alternative.

New on PHPBuilder.com today there's a tutorial showing you how to download and parse messages from Google Mail. In their case it's grabbing and parsing submissions from a form.

Some friends of mine publish a literary journal that accepts submissions via email. At their request I wrote a script to download messages from the journal's Gmail account and do some simple parsing tasks. Most of the submissions are made using an HTML form and a corresponding mailer script on their website, so I knew the precise format of the incoming messages (see Figure 1). What I didn't know was how to access Gmail in PHP.

He tried out the libgmailer script first, but ran into roadblocks until he realized he could use something PHP already had - the imap functions. With these he shows how to make a connection to the Gmail servers, get the listing of messages and pull out the body for the one you want to parse.

In his development on a Windows environment, Daniel Cousineau has come across a hurdle - sending emails from his local machine from his PHP scripts. Thankfully he's found a solution and has shared it in a new blog post.

Previously it was a simple trek to a website to download a Windows build of sendmail.exe, but for some reason I cannot get access to it, so I have to go another route. Enter hMailServer, a free, full-featured SMTP/POP/IMAP server for Windows with a pretty, shiny GUI configuration interface. All I really want to do is setup SMTP for localhost only but one could easily use hMailServer as a production mail server.

He includes the details (along with some screenshots) to get the hMainServer software up and running. Thanks to the simple GUI the tool offers you can be up and working in a few clicks - oh, and a change to your php.ini file.

On the PHPClasses.org blog Manuel Lemos has a recent post looking at a method for sending emails using a remote SMTP server (like Google or Yahoo's) via this package.

In most hosting environments, the PHP mail() function is sufficient to send e-mail messages without problems. However, there are situations on which using the mail function is inconvenient and may prevent that your messages reach the destination. [...] Therefore, you may need to find an alternative way for sending your e-mail messages from PHP.

The package lets you define a username/password, server, whether to use a SSL connection or not, and if the connection needs to use the TLS protocol.

NETTUTS.com has posted a list of nine libraries you can use to quickly and easily add functionality to your web application.

A lot of functionality is shared among applications - like sending emails or preventing spam. In the spirit of reusing the wheel instead of reinventing it, here are nine free web libraries that you can use in your next program which will dramatically increase your efficiency.

Here's their list:

• ReCAPTCHA
• Akismet
• Services_JSON
• Smarty
• pChart
• SimplePie
• XML-RPC PHP Library
• Amazon S3
• PHPMailer

Screenshots (and code examples) are provided for several of the items as well as links to their website and documentation pages.

Ilia Alshanetsky has officially submitted his logging patch for the mail function in PHP:

I've finally got of my ass and committed my mail logging patch I've written almost 2 years ago. This functionality is predominantly aimed at shared hosters that often have a problem identifying people who abuse the mail() function to send an in-ordinate amount of spam or hacked scripts used for the some purpose. The logging functionality is disabled by default but can be enabled on a per-directory or globally via 2 INI settings.

A new directive in your php.ini file (mail.log) lets you specify where the mail log needs to go. You can also use the mail.add_x_header setting to add in a mail header with the name of the script that sent it (and the UID).

It will be included in PHP 5.3 but if you're running PHP 5.2 and want to get a jump on it, here's the patch.

On the Developer.com website today, Jason Gilmore has a new tutorial covering a important feature of any based PHP install (unless disabled, of course) that is widely taken advantage of - sending emails.

Email plays a crucial role in website development, whether you'd like to confirm a new registrant's email address, recover a lost password, or provide prospective clients with a convenient means to contact you. [...] In this tutorial, I'll introduce you to several solutions for sending email using PHP, including PHP's native mail() function, PEAR's Mail package, and the Zend Framework.

He starts with some of the fundamentals of mail - the difference between POP3 and SMTP, Sendmail, etc - before moving on to an example of the mail function's usage. He does the same with the PEAR Mail package and the Zend_Mail component of the Zend Framework.

Continuing on in their look at sending MIME emails with PHP, DevShed has posted a better way for you to determine the correct MIME type of the file you're wanting to send (third part of the series).

I demonstrated how to build a modular MIME mailer class in PHP 4; it was provided with the capacity to send messages in plain text, and to work with different types of file attachments. This class implements a private method, called "getMimeTypes()," which, as its name would suggest, comes in handy for determining the correct MIME type of a given file. [...] However, the logic implemented by this method is rather primitive and can definitely be improved.

They start with a review of the previous code (PHP4) and show how to get the correct mime type of the file based on the extension mapped to an array of types.

Richard Heyes has posted about a mail() replacement he's come up with that adds the additional functionality of backing up all of the data to a certain directory of your choosing.

A simple drop in replacement function for PHPs mail() function called mailb() which backs up all the data to a specified directory. [...] I've also added a simple header file to Apache and the download directory so it looks nicer.

You can download a copy of his library here as a .phps file (a quick and easy 40ish line script).