Jump to content

multipart mail not sending correctly

Go to solution Solved by brentman,

Recommended Posts

I am trying to send a basic email that is multipart via the mail() function in php. I am not interested in using PHPmail. This should be very light weight.


Currently when I send email to gmail, it is sending the html part as plain text so all the tags are showing.


Here is my code:

$to = htmlentities($_GET['to']);
$friendly_from = htmlentities($_GET['friendly_from']);
$email_from = htmlentities($_GET['email_from']);
$subject = htmlentities($_GET['subject']);
$text = htmlentities($_GET['text']);
$html = htmlentities($_GET['html']);

# Setup mime boundary
$mime_boundary = 'Multipart_Boundary_x' . md5(time()) . 'x';

$headers  = "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: multipart/alternative; boundary=\"$mime_boundary\"\r\n";
$headers .= "Content-Transfer-Encoding: 7bit\r\n";
$headers .= "Reply-To: " . $email_from . " \r\n";

# Add in plain text version
$body.= "--$mime_boundary\n";
$body.= "Content-Type: text/plain; charset=\"charset=us-ascii\"\n";
$body.= "Content-Transfer-Encoding: 7bit\n\n";
$body.= $text;
$body.= "\n\n";

# Add in HTML version
$body.= "--$mime_boundary\n";
$body.= "Content-Type: text/html; charset=\"UTF-8\"\n";
$body.= "Content-Transfer-Encoding: 7bit\n\n";
$body.= $html;
$body.= "\n\n";

# End email
$body.= "--$mime_boundary--\n"; # <-- Notice trailing --, required to close email body for mime's

# Finish off headers
$headers .= "From: " . $friendly_from . " <" . $email_from . ">\r\n";
$headers .= "X-Sender-IP: " . $_SERVER[SERVER_ADDR] . "\r\n";
$headers .= 'Date: ' . date('n/d/Y g:i A') . "\r\n";

# Mail it out
return mail($to, $subject, $body, $headers);

Here is what I am receiving. (And yes I can accept html emails).



Edited by brentman
Link to comment
Share on other sites

htmlentities() would be used on the CONTENT being put into the html markup, that you want to be rendered literally as typed, and also making any javascript/css/html markup in the content, inert.


if your $_GET['html']/$html IS the html markup for the page, no, you would not pass it through htmlentities().


i'm hoping that you have some security in place to prevent just anyone from submitting whatever they want to your code?

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.