Page 1 of 1
Parsing text for mail script
Posted: Sun Jun 19, 2005 12:16 pm
by lamia
Hi guys, I have a problem here... It's quite simple, whenever I put a single quote (') in script, it's displayed as \' how come? For example I put Rose's Favorite it would output as Rose\'s favorite... I tried using stripslashes but the output is much worse... it displays as Rose\\\s favorite or something similar to that... Please help... Thanks!
Posted: Sun Jun 19, 2005 12:18 pm
by John Cartwright
show your code. stripslashes() shouldn't add more '/'
Posted: Sun Jun 19, 2005 12:40 pm
by lamia
This is my code for parsing text... It uses a routine called escare_data...
Code: Select all
if(empty($_POST['subject']))
{
$s=false;
$errmessage.='<p>Please enter a <b>subject</b>.</p>';
}
else
{
$s=$_POST['subject']; //escape_data($_POST['subject']);
}
if(empty($_POST['message']))
{
$m=false;
$errmessage.='<p>Please enter a <b>message</b>.</p>';
}
else
{
$m="Message sent from http://maineline.com.ph\n\n";
$m.=$_POST['message']; //escape_data($_POST['message']);
}
Here's the code for the routine...
Code: Select all
function escape_data($data)
{
global $dbconnect;
if (ini_get('magic_quote_gpc'))
{
$data=stripslashes($data);
}
return mysql_real_escape_string(trim($data),$dbconnect);
}
and finally... Here's the mail routine...
Code: Select all
if ($n && $s && $e && $m)
{
ini_set("SMTP","localhost");
ini_set("smtp_port","26");
ini_set("sendmail_from","admin@localhost.com");
$headers = "MIME-Version: 1.0\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\n";
$headers .= "X-Priority: 3\n";
$headers .= "X-MSMail-Priority: Normal\n";
$headers .= "X-Mailer: php\n";
$headers .= "From: \"".$n."\" <".$e.">\n";
if (mail("netboysbe@yahoo.com",$s,$m,$headers))
{
$message.="<center><p>Success!</p></center>";
}
else
{
$message.="<center><p>The following errors occured!</p></center>";
$errmessage.='<p>Unable to send message.</p>';
}
}
else
{
$message.="<center><p>The following errors occured!</p></center>";
}
JCART | Please use Code: Select all
tags when posting php code. Review [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
Posted: Sun Jun 19, 2005 1:22 pm
by John Cartwright
Your function is sort of "dumb" in a sense that you are removing slashes only to escape them again.
You'll find the user comments and or direct example of mysql_real_escape_string() usefull. One I found was
Code: Select all
<?php
// Quote variable to make safe
function quote_smart($value)
{
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not integer
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}
?>
As you can see, it's a bit better than running through all you've done.