Category: PHP

Email-to-SMS Gateway List With Setup & Code Example

Email-to-SMS Gateway List With Setup & Code Example

email_to_sms
email_to_sms

    For personnel projects, one might need to send a message to a phone to give updates or alerts. This can be done relatively easily by using PHP and its “mail()” command. But, we need to know what gateway to send it to and what the number is. The number part is easy but gateways vary. So, here is a reference list of Email-to-SMS Gateways. In addition, there is a quick code reference part to help get the ball rolling. As a final point before starting, you will need a proper mailing system and FQDN to make sure messages get through. Some gateways are highly fickle and you might not always get the SMS sent through using this setup. So, don’t use this in a commercial context unless you do the aforementioned.

Code Reference:

    First, you’ll need the program “mail()” uses to send messages. In a terminal do:

sudo apt-get install sendmail

Then, edit the host file found at /etc/hosts. You’ll have something like this at the top: 127.0.0.1 localhost. You need it to be setup the proper FQDN syntax; so, something like this: 127.0.0.1 localhost.example.com is needed. After all that is setup (You might need to reboot.) you simply need to insert into a PHP script the following:

$number = "[email protected]";
$subject = "Your sybject message here.";         // Not used in text messages per say
$tmessage = wordwrap("Your message here.", 70 );

mail($number, $subject, $tmessage);

Gateway List:

Cell CarrierEmail Domain
AT&T Enterprise Pagingpage.att.net
AT&T Wirelesstxt.att.net
Alaska Communication Systemsmsg.acsalaska.com
Alltel text.wireless.alltel.com
Now part of AT&T
Australia T-Mobile/Optus Zoo (Optus)optusmobile.com.au
Appears they charge for the service
Bell Mobility & Solo Mobiletxt.bell.ca
Bluegrass Cellularsms.bluecell.com
Boost Mobilemyboostmobile.com
Cellcomcellcom.quiktxt.com
Cellular South (C Spire)cellularsouth1.com
(now cspire1.com)
Centennial Wirelesscwemail.com
Cincinnati Bellgocbw.com
Cingularcingular.com
Merged with AT&T Mobility 2007
Cingular Prepaidcingulartext.com
Cox WirelessDiscontinued 2012
Cricket Wirelessmms.cricketwireless.net
Digicel St. Luciadigitextlc.com
Fidofido.ca
Google VoiceNot an actual carrier
GCI Alask Digitel (GCI)mobile.gci.net
IV Cellular (Illinois Valley Cellular)ivctext.com
i wireless (iWireless)iwspcs.net (T-Mobile)
iwirelesshometext.com (Sprint PCS)
Koodo Mobilemsg.telus.com
Limetxt2lime.com
Metro PCSmymetropcs.com
MobilicityNo email-to-SMS service
MTS Mobilitytext.mtsmobility.com
NET10Determine NET10’s carrier
Nex-Techsms.nextechwireless.com
nTelospcs.ntelos.com
Will change to Sprint early 2016
O2 (M-mail)mmail.co.uk
O2 Powered Networks 
O2 UKo2imail.co.uk
Optusoptusmobile.com.au
Appears they charge for the service
Orangeorange.net
PC Telecommobiletxt.ca
PTel Mobiletmomail.net
Pioneer Cellularzsend.com
Pocket Wirelesssms.pocket.com
Republic Wirelesstext.republicwireless.com
Rogers Wirelesspcs.rogers.com
SaskTelsms.sasktel.com
Sprintmessaging.sprintpcs.com
Straight TalkDetermine Straight Talk’s carrier
Syringa Wirelessrinasms.com
T-Mobiletmomail.net
T-Mobile UKt-mobile.uk.net
Telstraonlinesms.telstra.com
Telus Mobilitymsg.telus.com
Threethree.co.uk
TracfoneDetermine Tracfone’s carrier
US Cellularemail.uscc.net
Unicelutext.com
Verizonvtext.com
Viaeroviaerosms.com
Virgin Mobilevmobl.com
Virgin Mobile Canadavmobile.ca
Virgin Mobile UKvxtras.com
VodafoneNo email-to-SMS service
Wind Mobiletxt.windmobile.ca

Check out my article regarding test servers so you can test this out properly!


Servers
Quick Test Server

Prevent SQL Injections

Prevent SQL Injections

sql injections
sql injections

    Preventing SQL injections is pretty easy once you know what you are doing. Some of you who are new to databases might think about character substitutions, character escaping, or just outright banning of certain characters; but, those options are laborious and not nearly as simple or elegant. Instead, we can use a technique called SQL Parameterization. It’s a fancy word for a straightforward process. For this guide, I’ll be referencing a database titled Movies.

    To explain it simply, what we are going to do is use a “?” in place of inserting our value. We then have our value tied to the “?” which will then be interpreted as a string literal. Since it is being handled as a string literal and is being kept from interpretation, this keeps us from having our databases deleted, stolen, or used in unforeseen ways.

The setup looks like this:

// Instead of this.
$updateComm = "SELECT title FROM Movies WHERE id = '" . $ID . "'";

// We have this.
$updateComm = "SELECT title FROM Movies WHERE id = ?";

Again, the question mark is like a reference marker/bind point. Our data gets tied to it and is never interpreted. We next do a prepare statement that’ll allow us to bind values. The first way we can do this is by binding the values to the field individually.

Let’s take a look:

// We first setup a command with the properly inserted question marks.
$updateComm = "UPDATE Movies SET title = ?, link = ?, date = ? WHERE id = ?";
 
// We then set it up for preparation.
$updateStatement = $db->prepare( $updateComm );

// We then insert to the bind points.
// Note: They are in order of appearance in the command. 
//       This is why we bind to title first and then links, etc.
//       Keep this in mind when setting up commands.
//       Also, we don't start at zero but one.
$updateStatement->bindValue( 1, "I, Robot", PDO::PARAM_STR );
$updateStatement->bindValue( 2, "LINK", PDO::PARAM_STR );
$updateStatement->bindValue( 3, "July 7, 2004", PDO::PARAM_STR );
$updateStatement->bindValue( 4, 666999, PDO::PARAM_INT );
 
// We then execute the command which is properly set up.
$updateStatement->execute();

The second option is to just pass the arguments as an array without individual binding. Note once more that it is all based on order of the question marks.

$updateComm = "UPDATE Movies SET title = ?, link = ?, date = ? WHERE id = ?";
 
// We then set it up for preparation.
$updateStatement = $db->prepare( $updateComm );

// Then, just pass parameters as an array to the execute method.
$updateStatement->execute( array( "I, Robot", "LINK", "July 7, 2004", 666999) );

In both cases, everything is properly sanitized for you and you don’t have to worry about rogue single quotes or DROP TABLE commands getting through. You’re done! Easy right? At this point, all you have to do is look up your language and how to do the above steps and implement them for secure database interactions. Look at Rosetta Code for how other languges setup parameterization. In addition, if you’ve read any of my other articles, pick a project like my PHP7, SQLite3, and Ajax Tutorial to practice this on in addition to learning other skills and techniques.