Parsing text for mail script

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
lamia
Forum Newbie
Posts: 11
Joined: Sun Jun 19, 2005 2:21 am

Parsing text for mail script

Post by lamia »

Hi guys, I have a problem here... It's quite simple, whenever I put a single quote (') in script, it's displayed as \' how come? For example I put Rose's Favorite it would output as Rose\'s favorite... I tried using stripslashes but the output is much worse... it displays as Rose\\\s favorite or something similar to that... Please help... Thanks!
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

show your code. stripslashes() shouldn't add more '/'
lamia
Forum Newbie
Posts: 11
Joined: Sun Jun 19, 2005 2:21 am

Post by lamia »

This is my code for parsing text... It uses a routine called escare_data...

Code: Select all

if(empty($_POST['subject']))
   {
     $s=false;
     $errmessage.='<p>Please enter a <b>subject</b>.</p>';
   }
   else
   { 
     $s=$_POST['subject']; //escape_data($_POST['subject']);
   }


   if(empty($_POST['message']))
   {
     $m=false;
     $errmessage.='<p>Please enter a <b>message</b>.</p>';
   }
   else
   { 
     $m="Message sent from http://maineline.com.ph\n\n";
     $m.=$_POST['message']; //escape_data($_POST['message']);
   }

Here's the code for the routine...

Code: Select all

function escape_data($data)
  {
   global $dbconnect;
  
   if (ini_get('magic_quote_gpc'))
   {
	$data=stripslashes($data);
   }
   return mysql_real_escape_string(trim($data),$dbconnect);
  
  }

and finally... Here's the mail routine...

Code: Select all

if ($n && $s && $e && $m)
   {

     ini_set("SMTP","localhost");
     ini_set("smtp_port","26");
     ini_set("sendmail_from","admin@localhost.com");

     $headers  = "MIME-Version: 1.0\n";
     $headers .= "Content-type: text/plain; charset=iso-8859-1\n";
     $headers .= "X-Priority: 3\n";
     $headers .= "X-MSMail-Priority: Normal\n";
     $headers .= "X-Mailer: php\n";
     $headers .= "From: \"".$n."\" <".$e.">\n";

     if (mail("netboysbe@yahoo.com",$s,$m,$headers))
     {
       $message.="<center><p>Success!</p></center>";
     }
     else
     {
       $message.="<center><p>The following errors occured!</p></center>";
       $errmessage.='<p>Unable to send message.</p>';
     }
   }
   else
   {
     $message.="<center><p>The following errors occured!</p></center>";
   }
JCART | Please use

Code: Select all

tags when posting php code. Review [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Your function is sort of "dumb" in a sense that you are removing slashes only to escape them again.
You'll find the user comments and or direct example of mysql_real_escape_string() usefull. One I found was

Code: Select all

<?php
// Quote variable to make safe
function quote_smart($value)
{
   // Stripslashes
   if (get_magic_quotes_gpc()) {
       $value = stripslashes($value);
   }
   // Quote if not integer
   if (!is_numeric($value)) {
       $value = "'" . mysql_real_escape_string($value) . "'";
   }
   return $value;
}
?>
As you can see, it's a bit better than running through all you've done.
Post Reply