Having a problem in my php form

Posted: Fri Jul 02, 2010 10:33 am
by oscaredward
Hi,
I have created a form which collects data from my HTML form and sends it to my email address.
Everything is all right, but if a user puts a ' or " in his message, my PHP form will append a slash / to it and send it to me!

Here is my code:
Does anyone know why this happens?

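<?php
// Create Message Text
$message = "";
foreach ($_POST as $key => $value) {
    // Skip the submit button; every other field becomes a "key : = value" line
    if (!in_array($key, array("Submit"))) {
        $message .= "$key : = $value \n";
    }
}
// Check the submitted CAPTCHA answer ($img is not defined in the posted snippet)
$valid = $img->check($_POST['Captcha']);
mail("sales@domain.com", "zyx", $message, "From:" . $_POST['TransferorEmail']);
header("Location: http://www.domain.com/ok.html");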

Re: Having a problem in my php form

Posted: Fri Jul 02, 2010 10:44 am
by Jade
Your server has escape strings turned on in the $_POST method. If you don't want those to show up then you need to use html_entities on the message before you send it.

http://us2.php.net/manual/en/function.htmlentities.php

Re: Having a problem in my php form

Posted: Fri Jul 02, 2010 12:15 pm
by AbraCadaver
Jade wrote: Your server has escape strings turned on in the $_POST method. If you don't want those to show up then you need to use html_entities on the message before you send it.

http://us2.php.net/manual/en/function.htmlentities.php

Probably better to use stripslashes()

Re: Having a problem in my php form

Posted: Sat Jul 03, 2010 10:48 pm
by oscaredward
Thank you for your help. I am new to PHP; can you please tell me how I should use html_entities or stripslashes on my form? I don't know which one to use and how. Please help me!

Re: Having a problem in my php form

Posted: Tue Jul 06, 2010 9:09 am
by Jade

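<?php
// Create Message Text
$message = "";
foreach ($_POST as $key => $value) {
    // Skip the submit button; every other field becomes a "key : = value" line
    if (!in_array($key, array("Submit"))) {
        $message .= "$key : = $value \n";
    }
}

// Remove the added backslashes, then encode HTML special characters
$message = htmlentities(stripslashes($message));

// Check the submitted CAPTCHA answer ($img is not defined in the posted snippet)
$valid = $img->check($_POST['Captcha']);
mail("sales@domain.com", "zyx", $message, "From:" . $_POST['TransferorEmail']);
header("Location: http://www.domain.com/ok.html");
?>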
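
An added example, not code from any poster in this thread: the backslashes come from PHP's magic_quotes_gpc setting, so this sketch strips them only when that setting is active, leaves the plain-text body unencoded (htmlentities would turn " into &quot; in the mail), and rejects a TransferorEmail value containing line breaks before it reaches the From: header. The helper names and the sample input are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Helper names are hypothetical;
// field names come from the posted form; the sample input is constructed.

// Strip the added backslashes only if magic_quotes_gpc is really on.
// get_magic_quotes_gpc() was removed in PHP 8, hence function_exists().
function undo_magic_quotes($value) {
    $on = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    return $on ? stripslashes($value) : $value;
}

// Build the plain-text body. No htmlentities(): this is not HTML output.
function build_message(array $post) {
    $message = '';
    foreach ($post as $key => $value) {
        if ($key === 'Submit' || !is_string($value)) {
            continue; // skip the submit button and array-valued fields
        }
        $message .= "$key : = " . undo_magic_quotes($value) . " \n";
    }
    return $message;
}

// Return an address safe to place in the From: header, or null.
// A CR or LF in the value would let the sender add extra mail headers.
function safe_from_address($raw) {
    if (!is_string($raw) || preg_match('/[\r\n]/', $raw)) {
        return null;
    }
    $email = filter_var(trim(undo_magic_quotes($raw)), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Constructed sample standing in for $_POST
$post = array(
    'Message'         => 'He said "it\'s fine"',
    'TransferorEmail' => "user@example.com\r\nX-Test: 1",
    'Submit'          => 'Send',
);

$message = build_message($post);
$from    = safe_from_address($post['TransferorEmail']);
if ($from === null) {
    echo "Rejected: invalid sender address\n";
} else {
    mail("sales@domain.com", "zyx", $message, "From: " . $from);
}
echo $message;
```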