Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder croatiankid's Avatar
    Join Date
    Jan 2006
    Posts
    665
    Thanks
    1
    Thanked 12 Times in 12 Posts

    Getting \' in emails sent via php

    I don't know if this is a problem with my webmail client, or with my contact form. In my contact form I don't use magic quotes or addslashes, however, it's most likely set to use it in my server's php configuration file. When I receive an email, I open it using squirrelmail, and before every ' or ", there's a \.
    My contact form basically picks up 3 or 4 POST variables, puts them together in another variable, for example $message, by means of = and .= (period-equals), then uses mail($message, etc) (I know I'm just asking for email header injection).

  • #2
    ess
    ess is offline
    Regular Coder
    Join Date
    Oct 2006
    Location
    United Kingdom
    Posts
    866
    Thanks
    7
    Thanked 30 Times in 29 Posts
    Without seeing your code...and how you have constructed the headers etc, it is difficult to give any pointers or suggestions.

    How about using PHPMailer class available from http://phpmailer.sourceforge.net/

    Cheers,
    Ess

  • #3
    Regular Coder croatiankid's Avatar
    Join Date
    Jan 2006
    Posts
    665
    Thanks
    1
    Thanked 12 Times in 12 Posts
    Here's the bulk of it.
    PHP Code:
    <?php

    if (isset($_POST['send']))
        {
            if (empty(
    $_POST['name']) || $_POST['name'] == "Required")
                {
                    
    $name_error=1;
                }
            if (empty(
    $_POST['email']) || $_POST['email'] == "Required")
                {
                    
    $email_error=1;
                }
            if (empty(
    $_POST['message']) || $_POST['message'] == "You haven\'t written a message for me!")
                {
                    
    $message_error=1;
                }
            if (
    $_POST['message'] && $_POST['message'] != "You haven\'t written a message for me!" && $_POST['email'] && $_POST['email'] != "Required" && $_POST['name'] && $_POST['name'] != "Required")
                {
                    
    $subject "croatiankid.com - ";
                    
    $subject .= $_POST['subject'];
                    
    $message "Name: ";
                    
    $message .= $_POST['name'];
                    
    $message .= "\n";
                    
    $message .= "Email: ";
                    
    $message .= $_POST['email'];
                    
    $message .= "\n";
                    
    $message .= "Phone: ";
                    
    $message .= $_POST['phone'];
                    
    $message .= "\n";
                    
    $message .= "Message: ";
                    
    $message .= $_POST['message'];
                    
    mail('email@example.com'$subject$message);
                    
    $success=1;
                }
        }
    ?>
    <div id="content">
        <div id="main" class="single">
        <h2>Contact me</h2>
        <p>You can contact me using this form. Please provide as much information as possible; name, e-mail and message is required.</p><?php if ($success == 1){echo "<div style=\"background:#bd8d46;text-align:center\">Message sent!</div>"; } ?>
        <form action="http://croatiankid.com/contact" method="post">
        <div class="form_left"><label for="sub">Subject: </label></div><div class="form_right"><select id="sub" name="subject">
        <option <?php if (empty($_GET['subject'])) {echo "selected=\"selected\" ";} ?>value="General">General</option>
        <option <?php if ($_GET['subject'] == "web") {echo "selected=\"selected\" ";} ?>value="Web Design">Web Design</option>
        <option <?php if ($_GET['subject'] == "graphic") {echo "selected=\"selected\" ";} ?>value="Graphic Design">Graphic Design</option>
        <option <?php if ($_GET['subject'] == "wordpress") {echo "selected=\"selected\" ";} ?>value="Wordpress Theme">Wordpress Theme</option>
        <option <?php if ($_GET['subject'] == "psd2xhtml") {echo "selected=\"selected\" ";} ?>value="PSD 2 (x)HTML">PSD 2 (x)HTML</option>
        <option <?php if ($_GET['subject'] == "translation") {echo "selected=\"selected\" ";} ?>value="Translation">Translation</option>
        </select></div>
        <div class="form_left"><label for="name">Name: </label></div><div class="form_right"><input type="text" id="name" name="name"<?php
        
    if ($name_error==1)
        {echo 
    "value=\"Required\"";}
        
    ?>></div>
        <div class="form_left"><label for="email">E-mail: </label></div><div class="form_right"><input type="text" id="email" name="email"<?php
        
    if ($email_error==1)
        {echo 
    "value=\"Required\"";}
        
    ?>></div>
        <div class="form_left"><label for="phone">Phone: </label></div><div class="form_right"><input type="text" id="phone" name="phone"></div>
        <div><div id="form_mes"><label for="mes">Message: </label></div><div id="form_mes2"><textarea id="mes" cols="30" rows="5" name="message"><?php
        
    if ($message_error==1)
        {echo 
    "You haven't written a message for me!";}
        
    ?></textarea></div></div>
        <div><input type="submit" name="send" value="Send"></div>
        </form>

  • #4
    Senior Coder NancyJ's Avatar
    Join Date
    Feb 2005
    Location
    Bradford, UK
    Posts
    3,174
    Thanks
    19
    Thanked 66 Times in 65 Posts
    $message = stripslashes($message);

  • #5
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,075
    Thanks
    2
    Thanked 320 Times in 312 Posts
    Edit: Basically says the same as above ^^

    Before you display data on a web page or in an email, that comes from a form, a file, or a database, you need to unescape any escaped data using the stripslashes() function - http://php.net/stripslashes
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •