Having a problem in my php form

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
oscaredward
Forum Newbie
Posts: 2
Joined: Fri Jul 02, 2010 10:27 am

Having a problem in my php form

Post by oscaredward »

Hi,
I have created a form which collects data from my html form and sends to my email address.
Everything is alright but if a user puts a ' or " in his message my php form will append a slash / to it and will send to me!

here is my code:
anyone knows why this happens?

<?
// Create Message Text
foreach($_POST as $key => $value) {
if(!in_array($key, array("Submit"))) {
$message .= "$key : = $value \n";
}
}
$valid = $img->check($_POST['Captcha']);
mail("sales@domain.com", "zyx", $message, "From:" . $HTTP_POST_VARS['TransferorEmail']);
header("location:http://www.domain.com/ok.html");
User avatar
Jade
Forum Regular
Posts: 908
Joined: Sun Dec 29, 2002 5:40 pm
Location: VA

Re: Having a problem in my php form

Post by Jade »

Your server has escape strings turned on in the $_POST method. If you don't want those to show up then you need to use html_entities on the message before you send it.

http://us2.php.net/manual/en/function.htmlentities.php
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: Having a problem in my php form

Post by AbraCadaver »

Jade wrote:Your server has escape strings turned on in the $_POST method. If you don't want those to show up then you need to use html_entities on the message before you send it.

http://us2.php.net/manual/en/function.htmlentities.php
Probably better to use stripslashes()
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
oscaredward
Forum Newbie
Posts: 2
Joined: Fri Jul 02, 2010 10:27 am

Re: Having a problem in my php form

Post by oscaredward »

Thank you for your help, I am new to php, can you please tell me how should I use html_entities or stripslashes on my form? I don't know which one to use and how. Please help me! :?
User avatar
Jade
Forum Regular
Posts: 908
Joined: Sun Dec 29, 2002 5:40 pm
Location: VA

Re: Having a problem in my php form

Post by Jade »

Code: Select all


<?
// Create Message Text
foreach($_POST as $key => $value) {
          if(!in_array($key, array("Submit"))) {
               $message .= "$key : = $value \n";
          }
}

$message = htmlentities(stripslashes($message));

$valid = $img->check($_POST['Captcha']);
mail("sales@domain.com", "zyx", $message, "From:" . $HTTP_POST_VARS['TransferorEmail']);
header("location:http://www.domain.com/ok.html");
?>
Post Reply