Verification: a143cc29221c9be0

Php code for sending mail

What is PHP mail?

PHP mail is the built in PHP function that is used to send emails from PHP scripts.

The mail function accepts the following parameters;

  • Email address
  • Subject
  • Message
  • CC or BC email addresses
    • It’s a cost effective way of notifying users on important events.
    • Let users contact you via email by providing a contact us form on the website that emails the provided content.
    • Developers can use it to receive system errors by email
    • You can use it to email your newsletter subscribers.
    • You can use it to send password reset links to users who forget their passwords
    • You can use it to email activation/confirmation links. This is useful when registering users and verifying their email addresses

In this tutorial, you will learn-

  • Why/When to use the PHP mail
  • Simple Mail Transmission Protocol
  • Sanitizing email user inputs
  • Secure Mail

Why/When to use the mail PHP

Sending mail using PHP

The PHP mail function has the following basic syntax


  • “$to_email_address” is the email address of the mail recipient
  • “$subject” is the email subject
  • “$message” is the message to be sent.
  • “[$headers]” is optional, it can be used to include information such as CC, BCC
    • CC is the acronym for carbon copy. It’s used when you want to send a copy to an interested person i.e. a complaint email sent to a company can also be sent as CC to the complaints board.
    • BCC is the acronym for blind carbon copy. It is similar to CC. The email addresses included in the BCC section will not be shown to the other recipients.

Simple Mail Transmission Protocol (SMTP)

PHP mailer uses Simple Mail Transmission Protocol (SMTP) to send mail.

On a hosted server, the SMTP settings would have already been set.

The SMTP mail settings can be configured from “php.ini” file in the PHP installation folder.

Configuring SMTP settings on your localhost Assuming you are using xampp on windows, locate the “php.ini” in the directory “C:\xampp\php”.

  • Open it using notepad or any text editor. We will use notepad in this example. Click on the edit menu

  • Click on Find… menu

  • The find dialog menu will appear

  • Click on Find Next button

  • Locate the entries
    • [mail function]
    • ; XAMPP: Don’t remove the semi column if you want to work with an SMTP Server like Mercury
    • ; SMTP = localhost
    • ; smtp_port = 25
    • Remove the semi colons before SMTP and smtp_port and set the SMTP to your smtp server and the port to your smtp port. Your settings should look as follows
      • SMTP =
      • smtp_port = 25
      • Note the SMTP settings can be gotten from your web hosting providers.
      • If the server requires authentication, then add the following lines.
        • auth_username = This email address is being protected from spambots. You need JavaScript enabled to view it.
        • auth_password = example_password
        • Save the new changes.
        • Restart Apache server.

Php Mail Example

Let’s now look at an example that sends a simple mail.


  Note: the above example only takes the 4 mandatory parameters.

You should replace the above fictitious email address with a real email address.

Sanitizing email user inputs

The above example uses hard coded values in the source code for the email address and other details for simplicity.

Let’s assume you have to create a contact us form for users fill in the details and then submit.

  • Users can accidently or intentional inject code in the headers which can result in sending spam mail
  • To protect your system from such attacks, you can create a custom function that sanitizes and validates the values before the mail is sent.

Let’s create a custom function that validates and sanitizes the email address using the filter_var built in function.

Filter_var function The filter_var function is used to sanitize and validate the user input data.

It has the following basic syntax.


  • “filter_var(…)” is the validation and sanitization function
  • “$field” is the value of the field to be filtered.
  • “SANITIZATION TYPE” is the type of sanitization to be performed on the field such as;
    • FILTER_VALIDATE_EMAIL – it returns true for valid email addresses and false for invalid email addresses.
    •  FILTER_SANITIZE_EMAIL – it removes illegal characters from email addresses. info\@domain.(com) returns This email address is being protected from spambots. You need JavaScript enabled to view it..
    • FILTER_SANITIZE_URL – it removes illegal characters from URLs. http://www.example@.comé returns >
    • FILTER_SANITIZE_STRING  - it removes tags from string values. am bold becomes am bold.

The code below implements uses a custom function to send secure mail.


Secure Mail

Emails can be intercepted during transmission by unintended recipients.

This can exposure the contents of the email to unintended recipients.

Secure mail solves this problem by transmitting emails via Hypertext Transfer Protocol Secure (HTTPS).

HTTPS encrypts messages before sending them.

1. Send Email using PHP

Lets create a php file sendEmail.php in your web document root with following content. Change the $to_email with your recipient email address, $subject and $body as per your need, Keep as it is for testing purpose, $from_email with sender email address.

vim /var/www/html/sendEmail.php

Add below content

   $subject = "Simple Email Test via PHP";

   $body = "Hi,nn This is test email send by PHP Script";

   if ( mail($to_email, $subject, $body, $headers)) {

      echo("Email successfully sent to $to_email...");

   } else {

      echo("Email sending failed...");



Now we can test it by access in a web browser or simply execute it from the command line like below.

php sendEmail.php