Hi,
I have created a form which collects data from my html form and sends to my email address.
Everything is alright but if a user puts a ' or " in his message my php form will append a slash / to it and will send to me!
here is my code:
anyone knows why this happens?
<?
// Create Message Text
foreach($_POST as $key => $value) {
if(!in_array($key, array("Submit"))) {
$message .= "$key : = $value \n";
}
}
$valid = $img->check($_POST['Captcha']);
mail("sales@domain.com", "zyx", $message, "From:" . $HTTP_POST_VARS['TransferorEmail']);
header("location:http://www.domain.com/ok.html");
Having a problem in my php form
Moderator: General Moderators
-
oscaredward
- Forum Newbie
- Posts: 2
- Joined: Fri Jul 02, 2010 10:27 am
Re: Having a problem in my php form
Your server has escape strings turned on in the $_POST method. If you don't want those to show up then you need to use html_entities on the message before you send it.
http://us2.php.net/manual/en/function.htmlentities.php
http://us2.php.net/manual/en/function.htmlentities.php
- AbraCadaver
- DevNet Master
- Posts: 2572
- Joined: Mon Feb 24, 2003 10:12 am
- Location: The Republic of Texas
- Contact:
Re: Having a problem in my php form
Probably better to use stripslashes()Jade wrote:Your server has escape strings turned on in the $_POST method. If you don't want those to show up then you need to use html_entities on the message before you send it.
http://us2.php.net/manual/en/function.htmlentities.php
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
-
oscaredward
- Forum Newbie
- Posts: 2
- Joined: Fri Jul 02, 2010 10:27 am
Re: Having a problem in my php form
Thank you for your help, I am new to php, can you please tell me how should I use html_entities or stripslashes on my form? I don't know which one to use and how. Please help me! 
Re: Having a problem in my php form
Code: Select all
<?
// Create Message Text
foreach($_POST as $key => $value) {
if(!in_array($key, array("Submit"))) {
$message .= "$key : = $value \n";
}
}
$message = htmlentities(stripslashes($message));
$valid = $img->check($_POST['Captcha']);
mail("sales@domain.com", "zyx", $message, "From:" . $HTTP_POST_VARS['TransferorEmail']);
header("location:http://www.domain.com/ok.html");
?>