PHP - Web to Mail

Posted: Wed Jul 13, 2011 2:42 pm
by unplugme71
I have a contact form that visitors fill out. The form takes the contents and submits it to my email as a message.

Do I need to put addslashes() in front of each value? I thought addslashes() was only for entering into a database but I see other sites using addslashes() so I wanted to get some input.

Reason I ask, it'll be annoying to see / in front of ' and " when reading a message.

Re: PHP - Web to Mail

Posted: Thu Jul 14, 2011 3:29 am
by social_experiment
unplugme71 wrote: Do I need to put addslashes() in front of each value?
For email you should use htmlentities() with the ENT_QUOTES flag. ;) It's better to be annoyed with security measures than wishing you had used them.

Re: PHP - Web to Mail

Posted: Thu Jul 14, 2011 7:14 am
by unplugme71
htmlentities() doesn't seem to do anything

I'm running PHP 5.x

Re: PHP - Web to Mail

Posted: Thu Jul 14, 2011 8:02 am
by social_experiment
htmlentities() converts unsafe html characters to html safe characters. You won't see the results unless you view the source of the page / message. Although the characters look the same they are created by alternate methods; instead of & you should see &amp;
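
Added example, not part of any post in this thread and not the posters' code: it escapes a constructed contact-form submission with htmlentities() and ENT_QUOTES, prints the message source next to what a mail client would render, and shows addslashes() on the same input for comparison. The field names, the sample submission and the helper functions are assumptions made for illustration, as is the assumption that the message is sent as HTML mail.

```php
<?php
// Added example: field names, helpers and the sample submission are constructed.

/**
 * Escape every field name and value for use inside an HTML e-mail body.
 * ENT_QUOTES converts both ' and " in addition to &, < and >.
 * The charset is passed explicitly because the default differs between PHP versions.
 */
function escape_fields(array $fields, $charset = 'UTF-8')
{
    $safe = array();
    foreach ($fields as $name => $value) {
        $key = htmlentities((string) $name, ENT_QUOTES, $charset);
        $safe[$key] = htmlentities((string) $value, ENT_QUOTES, $charset);
    }
    return $safe;
}

/** Build the HTML body from fields that have already been escaped. */
function build_html_body(array $safe)
{
    $rows = '';
    foreach ($safe as $name => $value) {
        // nl2br() runs after escaping, so the only markup in a value is <br />.
        $rows .= '<tr><th>' . $name . '</th><td>' . nl2br($value) . "</td></tr>\n";
    }
    return "<html><body><table>\n" . $rows . "</table></body></html>\n";
}

// Constructed submission containing quotes, an ampersand and markup.
$submission = array(
    'name'    => 'Pat O\'Neil & "Sons"',
    'message' => "I can't log in.\n<a href=\"http://example.invalid/\">click</a>",
);

$safe = escape_fields($submission);

echo "--- source of the HTML message (what 'view source' shows) ---\n";
echo build_html_body($safe);

echo "--- text the mail client displays for the message field ---\n";
echo html_entity_decode($safe['message'], ENT_QUOTES, 'UTF-8'), "\n";

echo "--- addslashes() on the same field, for comparison ---\n";
echo addslashes($submission['message']), "\n";
```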