Parsing text for mail script
Moderator: General Moderators
Parsing text for mail script
Hi guys, I have a problem here... It's quite simple, whenever I put a single quote (') in script, it's displayed as \' how come? For example I put Rose's Favorite it would output as Rose\'s favorite... I tried using stripslashes but the output is much worse... it displays as Rose\\\s favorite or something similar to that... Please help... Thanks!
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
This is my code for parsing text... It uses a routine called escare_data...
Here's the code for the routine...
and finally... Here's the mail routine...
JCART | Please use
Code: Select all
if(empty($_POST['subject']))
{
$s=false;
$errmessage.='<p>Please enter a <b>subject</b>.</p>';
}
else
{
$s=$_POST['subject']; //escape_data($_POST['subject']);
}
if(empty($_POST['message']))
{
$m=false;
$errmessage.='<p>Please enter a <b>message</b>.</p>';
}
else
{
$m="Message sent from http://maineline.com.ph\n\n";
$m.=$_POST['message']; //escape_data($_POST['message']);
}Here's the code for the routine...
Code: Select all
function escape_data($data)
{
global $dbconnect;
if (ini_get('magic_quote_gpc'))
{
$data=stripslashes($data);
}
return mysql_real_escape_string(trim($data),$dbconnect);
}and finally... Here's the mail routine...
Code: Select all
if ($n && $s && $e && $m)
{
ini_set("SMTP","localhost");
ini_set("smtp_port","26");
ini_set("sendmail_from","admin@localhost.com");
$headers = "MIME-Version: 1.0\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\n";
$headers .= "X-Priority: 3\n";
$headers .= "X-MSMail-Priority: Normal\n";
$headers .= "X-Mailer: php\n";
$headers .= "From: \"".$n."\" <".$e.">\n";
if (mail("netboysbe@yahoo.com",$s,$m,$headers))
{
$message.="<center><p>Success!</p></center>";
}
else
{
$message.="<center><p>The following errors occured!</p></center>";
$errmessage.='<p>Unable to send message.</p>';
}
}
else
{
$message.="<center><p>The following errors occured!</p></center>";
}Code: Select all
tags when posting php code. Review [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Your function is sort of "dumb" in a sense that you are removing slashes only to escape them again.
You'll find the user comments and or direct example of mysql_real_escape_string() usefull. One I found was
As you can see, it's a bit better than running through all you've done.
You'll find the user comments and or direct example of mysql_real_escape_string() usefull. One I found was
Code: Select all
<?php
// Quote variable to make safe
function quote_smart($value)
{
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not integer
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}
?>