unexpected escape characters in text email...
Moderator: General Moderators
unexpected escape characters in text email...
I use PHP and MySQL for submission and processing of new account applications via our web site. The applications are submitted through HTML forms and PHP to a MySQL table, then the data is retreived similarly and sent as a plain text email to our customer service department.
For one reason or another, sometime's applicants need to use the single quote (') or apostrophe (`) -- examples would be Macy`s or D'Amelio. This is resulting in a problem -- the email converts D'Amelio to D\'Amelio and Macy`s to Macy\`s.
I've tried structuring the email content as both
$email_content1 = "Dear".$sirnm." ".$lname.",\n";
and
$email_content2 = "Dear $fname $lname,\n";
but I have the same result either way. The content of the MySQL table does show the text properly as D'Amelio. Also, I'm using a basic mail(); command with no specific headers in it.
My assumption is that it's one of three things -- a) I need to define the mail headers more specifically, b) I need to restructure the MySQL query, or c) I need to restructure my variables.
I understand that ', ", and ` are used by PHP to enclose strings, etc...
It would make sense if I got a variable error, or if (\') was converted to ('), since (') is reserved; however, why would is convert (') to (\')?
Wouldn't that be like a line break being converted to (\n), rather than (\n) being converted to a line break?
Does anyone have an idea as to how I can correct this?
Thanks,
Eric Baze, Creative Specalist
ConferenceCall.com
ebaze@conferencecall.com
For one reason or another, sometime's applicants need to use the single quote (') or apostrophe (`) -- examples would be Macy`s or D'Amelio. This is resulting in a problem -- the email converts D'Amelio to D\'Amelio and Macy`s to Macy\`s.
I've tried structuring the email content as both
$email_content1 = "Dear".$sirnm." ".$lname.",\n";
and
$email_content2 = "Dear $fname $lname,\n";
but I have the same result either way. The content of the MySQL table does show the text properly as D'Amelio. Also, I'm using a basic mail(); command with no specific headers in it.
My assumption is that it's one of three things -- a) I need to define the mail headers more specifically, b) I need to restructure the MySQL query, or c) I need to restructure my variables.
I understand that ', ", and ` are used by PHP to enclose strings, etc...
It would make sense if I got a variable error, or if (\') was converted to ('), since (') is reserved; however, why would is convert (') to (\')?
Wouldn't that be like a line break being converted to (\n), rather than (\n) being converted to a line break?
Does anyone have an idea as to how I can correct this?
Thanks,
Eric Baze, Creative Specalist
ConferenceCall.com
ebaze@conferencecall.com
what doessay about magic_quote?
Code: Select all
<?php phpinfo(); ?>This might be a dumb thing to ask but after you've got the info from the database are you using strip_slashes() on it before you dump it into the email?
For example.....
For example.....
Code: Select all
<?php
// $TEXT is some text from the database
$body = "Hello.\n\n";
$body.= strip_slashes($TEXT)."\n\n";
$body.= "Goodbye.";
mail($to, $subject, $body, $headers);
?>If your viewing the database using something like PHPMyAdmin then the info displayed will be striped of slashes anyway..... this doesn't mean that the actual data in the database is void of any \ characters.
What you see on the page and what the actual database info looks like can, and normally will, vary.
What you see on the page and what the actual database info looks like can, and normally will, vary.
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
Code: Select all
<?php phpinfo(); ?>http://php.net/manual/en/ref.info.php#i ... quotes-gpc
if no magic quoting is in effect the GET/POST parameters are passed as is.
try this simple script
Code: Select all
<html>
<body>
<pre>user input: <?php print_r(@$_POST['text']); ?></pre>
<form method="post">
<input type="text" name="text" /><input type="submit" />
</form>
</body>
</html>If it displays a''b then magic_quote_.. is On.
You should always be aware of the state of magic_quote and wether your script depends on it, e.g. take this query
Code: Select all
<?php
$query = "SELECT fieldnameA FROM tablename WHERE fieldnameB='$_POST[userinput]'";If magic_quote is disabled $query will evaluate to SELECT fieldnameA FROM tablename WHERE fieldnameB='a'b' which is not good since it will cause an error if passed to the database.
If magic_quote is enabled $query will evaluate to SELECT fieldnameA FROM tablename WHERE fieldnameB='a''b' which is better since the database will recognize 'a''b' as one string literal ('' does not end the literal)
Personally I do not like magic_quote because I have to test wether it is enabled or disabled in every script. And there's nothing wrong with data containing ', " or \0 ; only some components need special treatment for those characters and they should take care of it themself (like mysql_escape_string() or even better parameterized queries)