unexpected escape characters in text email...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ericbaze
Forum Newbie
Posts: 4
Joined: Tue Oct 14, 2003 12:58 pm
Location: Carrollton, TX

unexpected escape characters in text email...

Post by ericbaze »

I use PHP and MySQL for submission and processing of new account applications via our web site. The applications are submitted through HTML forms and PHP to a MySQL table, then the data is retreived similarly and sent as a plain text email to our customer service department.

For one reason or another, sometime's applicants need to use the single quote (') or apostrophe (`) -- examples would be Macy`s or D'Amelio. This is resulting in a problem -- the email converts D'Amelio to D\'Amelio and Macy`s to Macy\`s.

I've tried structuring the email content as both

$email_content1 = "Dear".$sirnm." ".$lname.",\n";

and

$email_content2 = "Dear $fname $lname,\n";

but I have the same result either way. The content of the MySQL table does show the text properly as D'Amelio. Also, I'm using a basic mail(); command with no specific headers in it.

My assumption is that it's one of three things -- a) I need to define the mail headers more specifically, b) I need to restructure the MySQL query, or c) I need to restructure my variables.

I understand that ', ", and ` are used by PHP to enclose strings, etc...

It would make sense if I got a variable error, or if (\') was converted to ('), since (') is reserved; however, why would is convert (') to (\')?

Wouldn't that be like a line break being converted to (\n), rather than (\n) being converted to a line break?

Does anyone have an idea as to how I can correct this?

Thanks,

Eric Baze, Creative Specalist
ConferenceCall.com
ebaze@conferencecall.com
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

what does

Code: Select all

<?php phpinfo(); ?>
say about magic_quote?
ericbaze
Forum Newbie
Posts: 4
Joined: Tue Oct 14, 2003 12:58 pm
Location: Carrollton, TX

Post by ericbaze »

What am I lookin for within the phpinfo page? I've read through it an nothing stands out that seems appropriate.

Thanks,

Eric
Gen-ik
DevNet Resident
Posts: 1059
Joined: Mon Aug 12, 2002 7:08 pm
Location: London. UK.

Post by Gen-ik »

This might be a dumb thing to ask but after you've got the info from the database are you using strip_slashes() on it before you dump it into the email?

For example.....

Code: Select all

<?php
// $TEXT is some text from the database

$body = "Hello.\n\n";
$body.= strip_slashes($TEXT)."\n\n";
$body.= "Goodbye.";

mail($to, $subject, $body, $headers);
?>
ericbaze
Forum Newbie
Posts: 4
Joined: Tue Oct 14, 2003 12:58 pm
Location: Carrollton, TX

Post by ericbaze »

I'll give that a try, but I don't think "strip_slashes" will have an effect. Example, D'Amelio still appears as D'Amelio in the database; however, it becomes D''Amelio in the email.

Is it possible I need to specify more encoding information in the $headers variable for the mail(); command?
Gen-ik
DevNet Resident
Posts: 1059
Joined: Mon Aug 12, 2002 7:08 pm
Location: London. UK.

Post by Gen-ik »

If your viewing the database using something like PHPMyAdmin then the info displayed will be striped of slashes anyway..... this doesn't mean that the actual data in the database is void of any \ characters.

What you see on the page and what the actual database info looks like can, and normally will, vary.
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

The conversion to '' is happening when the form is posted, if you retrieved the data from the database the slashes are gone (but they are needed for the data to go in), however, if you use POSTed data in your e-mails you need to use stripslashes() on it before it is added to the message.

Mac
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Code: Select all

<?php phpinfo(); ?>
should display the settings for magic_quotes_gpc
http://php.net/manual/en/ref.info.php#i ... quotes-gpc

if no magic quoting is in effect the GET/POST parameters are passed as is.
try this simple script

Code: Select all

<html>
	<body>
		<pre>user input: <?php	print_r(@$_POST['text']); ?></pre>
		<form method="post">
			<input type="text" name="text" /><input type="submit" />
		</form>
	</body>
</html>
input a'b and submit the form.
If it displays a''b then magic_quote_.. is On.

You should always be aware of the state of magic_quote and wether your script depends on it, e.g. take this query

Code: Select all

<?php
$query = "SELECT fieldnameA FROM tablename WHERE fieldnameB='$_POST[userinput]'";
assume the user typed a'b into the field and submits the form.
If magic_quote is disabled $query will evaluate to SELECT fieldnameA FROM tablename WHERE fieldnameB='a'b' which is not good since it will cause an error if passed to the database.
If magic_quote is enabled $query will evaluate to SELECT fieldnameA FROM tablename WHERE fieldnameB='a''b' which is better since the database will recognize 'a''b' as one string literal ('' does not end the literal)
Personally I do not like magic_quote because I have to test wether it is enabled or disabled in every script. And there's nothing wrong with data containing ', " or \0 ; only some components need special treatment for those characters and they should take care of it themself (like mysql_escape_string() or even better parameterized queries)
ericbaze
Forum Newbie
Posts: 4
Joined: Tue Oct 14, 2003 12:58 pm
Location: Carrollton, TX

Post by ericbaze »

stripslashes(); fixed the problem!

$raw = "foo";
$content = stripslashes($raw);

Thanks,

Eric
Post Reply