It’s almost crucial for a website to build it’s audience using every method possible. A good way of keeping your visitors informed and, most of all, active on your site (don’t let them forget you) is by using a newsletter software. Contacting your subscribers from time to time by sending them good newsletters can have a massive impact on your business and earnings as well.
We are not going to talk in this tutorial how to keep your subscribers informed and with what but, we are going to learn something. How to collect email addresses to feed our lists. For those of you that are not interested in a tutorial but the application please scroll down to the end of this writing and locate the download link.
Our application will be formed from 5 pages: 1 used to connect to the database (db.php), 1 will keep the functions (validation, insertion, etc.) (functions.php), 1 will be used to confirm a subscription after the email is received and the link clicked (confirm.php), 1 will add the subscriber to the database (add.php) and the last one will be the form itself which can be easily implemented into any html or php file.
A good thing would be to verify that the subscriber is indeed the owner of the email address provided so I decided to add a “status” field to the MySql table in order to be able to extract only confirmed email addresses when I decide to use them. This will ensure that our list is healthy and that we’re not spamming anyone.
CREATE TABLE `subscribers` (
`ID` int(11) NOT NULL auto_increment,
`email` varchar(255) NOT NULL,
`rand_key` varchar(32) NOT NULL,
`status` tinyint(1) NOT NULL default '0',
PRIMARY KEY (`ID`)
The basic validation to allow subscriptions will check to see if the email ($_POST[’email’]) entered is a valid email, that is not empty and it’s not already on our list.
if(!empty($_POST['email']) && valid_email($_POST['email']) && checkUnique('email', $_POST['email']))
$random_key = random_string('alnum', 32);
$insert = mysql_query('INSERT INTO `subscribers` (`email`, `rand_key`)
"'.$random_key.'")') or die(mysql_error());
$to = $_POST['email'];
$headers = 'From: email@example.com'. "\r\n" .
'Reply-To: firstname.lastname@example.org' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
$subject = "Please confirm your subscription";
$message = "Hello! You received thismessage because you subscribed to our newsletter. To confirm your action please click on the following link: http://www.mydomain.com/confirm.php?ID=".mysql_insert_id()."&key=".$random_key.".";
if(mail($to, $subject, $message, $headers))
echo 'Thank you for subscribing. To confirm your subscription please click on the link that we sent to your email address.';
echo "Message not sent. Please make sure you're not
running this on localhost and also that you
are allowed to run mail() function from your webserver";
elseif (!checkUnique('email', $_POST['email']))
echo 'You are already subscribed.';
echo 'Please make sure you entered a valid email address and try again';
As you can see from the above code, we first require the functions.php file which holds our validation functions and after that we call them using the only post parameter (the email address) to run the validations (for more snippets and functions please visit the snippets section). Once/if it will pass the validation, the email will be added to our database and an email will be sent out to the subscriber containing a link that needs to be clicked in order to verify their subscription. The link points to confirm.php and will use the ID of the newly inserted email (mysql_insert_id()) and a random key of exact 32 characters to verify the status of the subscriber and it’s validity. If the ID+the random key will match and the status of the subscriber is equal to 0, we update the record and change the status to 1 which means a confirmed email address.
if($_GET['ID']!='' && numeric($_GET['ID'])==TRUE && strlen($_GET['key'])==32 && alpha_numeric($_GET['key'])==TRUE)
$query = mysql_query("SELECT ID, rand_key, status FROM subscribers WHERE ID = '".mysql_real_escape_string($_GET['ID'])."'");
$row = mysql_fetch_assoc($query);
echo 'Your subscription was already confirmed !';
echo 'The confirmation key that was generated for this subscription does not match with the one entered !';
$update = mysql_query("UPDATE subscribers SET status=1 WHERE ID='".mysql_real_escape_string($row['ID'])."'") or die(mysql_error());
echo 'Congratulations ! You just confirmed your subscription !';
echo 'Subscriber not found !';
echo 'Invalid data provided !';
As you can see, our page will first check if the id provided in our link is numeric (numeric($_GET[‘ID’])), if the random key is alpha-numeric (alpha_numeric($_GET[‘key’])==TRUE) and if it has exactly 32 characters (strlen($_GET[‘key’])==32). Using if/else statements we always communicate with the subscriber and report if the update was successful or not.
The application itself is very simple, straightforward and will not interrupt our visitor’s activity on the page. That’s perfect and as expected.
For a demo (will not send out emails!) please click here – download link lower on the page.