-1

Hello, I am creating a project management system that stores new jobs and adds staff to a team. I have a database where the user records are stored. On my form (GUI) I have a list of users from which I can pick to add to the project I want to send. Now I am trying to send an email based on the user I have selected and assigned to the job I am sending, which should serve as a notification.

How can I go about this? I know it would be possible because the email address of the user is stored along with the username, password, etc., but I don't know how to go about it.

wcp

3 Answers

2

From this post on SQL parameters in PHP and the PHP manual page for mail():

// $username is the user picked on the form (assumed to be posted as "user");
// it is bound as a parameter, never concatenated into the SQL text.
$username = $_POST['user'];

$stmt = $dbConnection->prepare('SELECT * FROM users WHERE username = ?');
$stmt->bind_param('s', $username);

$stmt->execute();

$result = $stmt->get_result();

while ($row = $result->fetch_assoc()) {

    $to      = $row['email'];
    $subject = 'the subject';
    $message = 'A wizard is never late!';
    // Terminate the header string with ";" here: a trailing "." would pull the
    // mail() call into the concatenation and leave $headers unset.
    $headers = 'From: webmaster@example.com' . "\r\n" .
               'Reply-To: webmaster@example.com' . "\r\n" .
               'X-Mailer: PHP/' . phpversion();

    mail($to, $subject, $message, $headers);
}

You want to parameterize the SQL query so that there is no SQL injection.

codehitman
1

Example:

<form method="post">
    <input type="text" name="user">
    <input type="submit" value="Submit">
</form>

Handler:

$user = $_POST['user']; // the form above must use method="post" for this to be set
$conn = new PDO('mysql:host=localhost;dbname=DB_NAME', 'DB_USER', 'DB_PASS'); // DB connection (placeholder credentials)
$stmt = $conn->prepare("SELECT EMAIL_COLUMN AS EMAIL FROM TABLE_NAME WHERE USERNAME_COLUMN = :user");
$stmt->bindParam(':user', $user);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

//do stuff here with data collected//
Ryan_W4588
-1

It should be something like this:

Select email address of users by their username:

$username = $_POST['username']; // the username selected on the form (assumed field name)

$check = $db->prepare("SELECT email FROM table WHERE username = :username");
$check->bindValue(':username', $username); // bind the variable, not the literal string 'username'
$check->execute();
$rows = $check->fetchAll(PDO::FETCH_ASSOC); // fetchAll() returns an array, so iterate it with foreach

if (count($rows) > 0) {
  foreach ($rows as $row) {

  $to = $row['email']; //email
  $subject = 'the subject';
  $message = 'hello';
  $headers = 'From: webmaster@example.com' . "\r\n" .
             'Reply-To: webmaster@example.com' . "\r\n" .
             'X-Mailer: PHP/' . phpversion(); // end the header string here, not with a trailing "."

  mail($to, $subject, $message, $headers);
  }

}

Priya jain
    It's grossly irresponsible to provide answers with SQL injection vulnerabilities like this. Please stop trying to compromise the OP's server. – David Aug 11 '14 at 13:17
  • 1
    Wow, cool. From what I see this should work. – wcp Aug 11 '14 at 13:20
  • 1
    What's the problem with this, @David? – wcp Aug 11 '14 at 13:20
  • 1
    @wcp: The problem is that this would leave your database vulnerable to SQL injection attacks. Any malicious user would be able to delete your data, read data they're not supposed to read, gain full control over your database, and possibly compromise your whole server, *very easily*. Nobody should *ever* use this code. – David Aug 11 '14 at 13:24
  • 1
    [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) **AND** [`mysql_query()` -> Warning This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.](http://php.net/manual/en/function.mysql-query.php) – Sean Aug 11 '14 at 13:25
  • But to get the email address you have to run a query... how can it be possible without fetching? – Priya jain Aug 11 '14 at 13:27
  • All right, David, thanks then. – wcp Aug 11 '14 at 13:27
  • @Priyajain: It's possible to query a database without allowing users to execute any code they want on that database. Start with a Google search on "PHP SQL injection" and look at the information and examples provided. The code you're using is highly vulnerable to what may be the most common and well-known security attack on the internet. – David Aug 11 '14 at 13:31
  • Hello Priya, I'm sure David means no bad intentions; he's just trying to keep us all safe on the internet. Thanks, Priya. – wcp Aug 11 '14 at 13:37
  • I can understand... it will be very beneficial for me and others. Thanks. – Priya jain Aug 11 '14 at 13:42
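As an added example (not code from the question or from any of the answers above), the same parameterized lookup extended to the asker's actual case of several users picked from the list: one placeholder per selected id keeps the list out of the SQL text, and the stored address is validated before mail() is called. The table and column names (users.id, users.username, users.email), the DSN and the form field names are assumptions.

```php
<?php
// Added example (not from the question or any answer). Assumed schema:
// users(id, username, email); the DSN and credentials are placeholders.

function notifyAssignedUsers(PDO $db, array $userIds, string $jobTitle): array
{
    $sent = [];
    if ($userIds === []) {
        return $sent;
    }
    // The form posts the selected users' ids; coerce each one to an integer.
    $ids = array_map('intval', $userIds);

    // One "?" placeholder per selected id: the list length varies, but the
    // values are bound as parameters and never spliced into the SQL text.
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare(
        "SELECT username, email FROM users WHERE id IN ($placeholders)"
    );
    $stmt->execute($ids);

    // Keep the subject on a single line and terminate the header string
    // with ";" (a trailing "." would swallow the mail() call).
    $subject = 'Assigned to job: ' . str_replace(["\r", "\n"], ' ', $jobTitle);
    $headers = "From: webmaster@example.com\r\n"
             . "Reply-To: webmaster@example.com\r\n"
             . 'X-Mailer: PHP/' . phpversion();

    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // Only mail rows whose stored address is a well-formed address.
        if (filter_var($row['email'], FILTER_VALIDATE_EMAIL) === false) {
            continue;
        }
        $message = "Hello {$row['username']},\n\nyou have been added to \"$jobTitle\".";
        if (mail($row['email'], $subject, $message, $headers)) {
            $sent[] = $row['email'];
        }
    }
    return $sent;
}

// Usage: the form posts the picked users as user_ids[] and the job as job_title.
$db = new PDO('mysql:host=localhost;dbname=DB_NAME', 'DB_USER', 'DB_PASS', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
$sent = notifyAssignedUsers($db, $_POST['user_ids'] ?? [], $_POST['job_title'] ?? '');
```

The function returns the addresses that mail() accepted, which is what you would log against the job so you can see who was notified.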