Escaped apostrophe in the email

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
penpaper
Forum Newbie
Posts: 15
Joined: Tue May 23, 2006 6:45 pm
Location: Coudersport, PA, USA

Escaped apostrophe in the email

Post by penpaper »

I am still having trouble with the apostrophes being escaped in the email. We've managed to get rid of the excape everywhere else but in the email. Here's the code.

Code: Select all

function email($ad, $orderNo, $orderTot, $firstName, $lastName, $address1, $address2, $city, $state, $zip, $telephone, $cemail, $where, $startDate, $endDate, $message)

{
# Need to include the IP address of the sender of the email - 
# just in case there is any abuse

$ip = get_remote_ip();


$ad = $_POST['ad']; $ad = ltrim($_POST['ad']);
$orderNo = ltrim($_POST['orderNo']);
$firstName = stripslashes($_POST['firstName']); $firstName = ltrim($_POST['firstName']);
$lastName = stripslashes($_POST['lastName']); $firstName = ltrim($_POST['firstName']);
$address1 = stripslashes($_POST['address1']); $address1 = ltrim($_POST['address1']);
$address2 = stripslashes($_POST['address2']); $address1 = ltrim($_POST['address1']);
$city = stripslashes($_POST['city']); $city = ltrim($_POST['city']);
$state = stripslashes($_POST['state']); $state = ltrim($_POST['state']);
$zip = stripslashes($_POST['zip']); $zip = ltrim($_POST['zip']);
$telephone = stripslashes($_POST['telephone']); $telephone = ltrim($_POST['telephone']);
$cemail = stripslashes($_POST['cemail']); $cemail = ltrim($_POST['cemail']);
$where = $_POST['where'];
$startDate = ltrim($_POST['startDate']);
$endDate = ltrim($_POST['endDate']);	
$message = stripslashes($_POST['message']);	 $message = ltrim($_POST['message']);
$message = htmlspecialchars($message);	

#	Need to include the day of the week after the date
#	in the email 

$startDay = date("l",mktime(0,0,0,substr($startDate,0,2),substr($startDate,3,2),substr($startDate,8,2)));
$endDay = date("l",mktime(0,0,0,substr($endDate,0,2),substr($endDate,3,2),substr($endDate,8,2)));


	$to = "communitychannel@.net";
	$subject = "Message or Ad Posting for the Community Channel";
	$mailheaders = "From: $cemail \n";
	$mailheaders .= "Reply-To: $cemail\n\n";
	
	$msg = 	"E-mail sent from:  Community Channel's Online Services \n\n";
	$msg .= "First Name: \t $firstName \n";
	$msg .= "Last Name: \t $lastName \n";
	$msg .= "Address: \t $address1\n";
	$msg .= "Address 2: \t $address2 \n";
	$msg .= "City: \t\t $city \n";
	$msg .= "State: \t\t $state\n";
	$msg .= "Zip Code: \t$zip\n";
	$msg .= "Telephone: \t$telephone\n";
	$msg .= "E-mail: \t$cemail\n\n";
	$msg .= "Order Number: \t $orderNo \n";
	$msg .= "Message or Ad: \t $ad \n\n";
	$msg .= "Communities where the message or ad should appear: $where \n\n";
	$msg .= "Message or Ad Start Date: \t $startDate \t $startDay \n";
	$msg .= "Message or Ad End Date: \t $endDate \t $endDay \n\n";
	$msg .= "Message or Ad Text: \t  stripslashes($message)  \n\n";
	$msg .= "IP Address: \t $ip ";
	
	
	if(mail($to, $subject, $msg, $mailheaders)) { ?>
	<div class="contentheader">Thank You For Using Our Online Services</div><br>
	<div class="mediumtext">Your <?php echo ($ad); ?>has been  <br>emailed to the Community Channel for processing.<br><br>Thank you for using Community Channel's online services.</div> 
<? }else{ ?>
<div class="mediumtext">There was a problem sending the email.  Please make sure that you completed the form correctly.</div>
<? }  
 
}	// end of email function
THANKS!!! lauren
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Re: Escaped apostrophe in the email

Post by RobertGonzalez »

penpaper, can you please wrap your PHP code in

Code: Select all

tags? It makes it a little easier to read. Thanks....

Here is the code, with a little cleaning up. What is not working in it?

[syntax="php"]<?php
function email($ad, $orderNo, $orderTot, $firstName, $lastName, $address1, $address2, $city, $state, $zip, $telephone, $cemail, $where, $startDate, $endDate, $message)

{
  // Need to include the IP address of the sender of the email - 
  // just in case there is any abuse
  $ip = get_remote_ip();

  $ad = ltrim($_POST['ad']);
  $orderNo = ltrim($_POST['orderNo']);
  $firstName = ltrim(stripsalshes($_POST['firstName']));
  $firstName = ltrim(stripslashes($_POST['firstName']));
  $address1 = ltrim(stripslashes($_POST['address1']));
  $address2 = ltrim(stripslashes($_POST['address2']));
  $city = ltrim(stripslashes($_POST['city']));
  $state = ltrim(stripslashes($_POST['state']));
  $zip = ltrim(stripslashes($_POST['zip']));
  $telephone = ltrim(stripslashes($_POST['telephone']));
  $cemail = ltrim(stripslashes($_POST['cemail']));
  $where = $_POST['where'];
  $startDate = ltrim($_POST['startDate']);
  $endDate = ltrim($_POST['endDate']);	
  $message = htmlspecialchars(ltrim(stripslashes($_POST['message'])));

  // Need to include the day of the week after the date
  // in the email 

  $startDay = date("l",mktime(0,0,0,substr($startDate,0,2),substr($startDate,3,2),substr($startDate,8,2)));
  $endDay = date("l",mktime(0,0,0,substr($endDate,0,2),substr($endDate,3,2),substr($endDate,8,2)));

  $to = "communitychannel@.net";
  $subject = "Message or Ad Posting for the Community Channel";
  $mailheaders = "From: $cemail \n";
  $mailheaders .= "Reply-To: $cemail\n\n";
	
  $msg = "E-mail sent from:  Community Channel's Online Services \n\n";
  $msg .= "First Name: \t $firstName \n";
  $msg .= "Last Name: \t $lastName \n";
  $msg .= "Address: \t $address1\n";
  $msg .= "Address 2: \t $address2 \n";
  $msg .= "City: \t\t $city \n";
  $msg .= "State: \t\t $state\n";
  $msg .= "Zip Code: \t$zip\n";
  $msg .= "Telephone: \t$telephone\n";
  $msg .= "E-mail: \t$cemail\n\n";
  $msg .= "Order Number: \t $orderNo \n";
  $msg .= "Message or Ad: \t $ad \n\n";
  $msg .= "Communities where the message or ad should appear: $where \n\n";
  $msg .= "Message or Ad Start Date: \t $startDate \t $startDay \n";
  $msg .= "Message or Ad End Date: \t $endDate \t $endDay \n\n";
  $msg .= "Message or Ad Text: \t  stripslashes($message)  \n\n";
  $msg .= "IP Address: \t $ip ";

  if(mail($to, $subject, $msg, $mailheaders)) 
  { 
?>
	<div class="contentheader">Thank You For Using Our Online Services</div><br>
	<div class="mediumtext">Your <?php echo ($ad); ?>has been  <br>emailed to the Community Channel for processing.<br><br>Thank you for using Community Channel's online services.</div> 
<?php 
}else{ 
?>
<div class="mediumtext">There was a problem sending the email.  Please make sure that you completed the form correctly.</div>
<?php }  
}	// end of email function
?>
[/syntax]
penpaper
Forum Newbie
Posts: 15
Joined: Tue May 23, 2006 6:45 pm
Location: Coudersport, PA, USA

Post by penpaper »

the email that is generated by the code has backslashes excaping any apostrophes

ie: "Mary\'s brown coat\'s button\'s " The stripslashes do no good at all.

I'll use php tags rather than code tags in the future.

penpaper
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Echo the string, the echo the string inside of a stripslashes and see if they are different. If might that you have magic_quotes_qpc() on and that you are addslashing() also.

Code: Select all

<?php
echo $string_with_single_quote;
echo '<br />';
echo stripslashes($string_with_single_quote);
?>
penpaper
Forum Newbie
Posts: 15
Joined: Tue May 23, 2006 6:45 pm
Location: Coudersport, PA, USA

Post by penpaper »

We checked yesterday and the magic_quotes_gcp is ON. I added code to the file that calls the email function as follows:

Code: Select all

echo "I'm going to echo the message text without stripslashes here  <br />";
echo $message;
echo '<br />';
echo "Now I'll echo the same thing with the stripslashes <br />";
echo stripslashes($message);
The message that printed had escapes the first time and did not have escapes the second time.

I added the following line to the email code

Code: Select all

$msg .= "Message without stripslashes: \t $message \n\n";
and got the following (the stripslashes makes no difference except that "stripslashes"() prints in the email) -

Message without stripslashes: I\'ve added to to order_result and the email so that the message will
print without the stripslashes and with the stripslashes. Hope I\'ll
see some dfference so we\'ll get some idea what\'s going on.

Message or Ad Text: stripslashes(I\'ve added to to order_result and the email so that the message will
print without the stripslashes and with the stripslashes. Hope I\'ll
see some dfference so we\'ll get some idea what\'s going on. )

AUGGGHHH!!!!!
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Working backwards, try this...

Code: Select all

<?php
echo '<p>This is the message straight from the form...</p>';
echo '<p>' . $_POST['message'] . '</p>';
echo '<p>This is the message after some tweaking...</p>';
$message = htmlspecialchars(ltrim(stripslashes($_POST['message']))); 
echo '<p>' . $message . '</p>';
?>
Run this at the very beginning of your page to see what is being sent from the form before any manipulation.
penpaper
Forum Newbie
Posts: 15
Joined: Tue May 23, 2006 6:45 pm
Location: Coudersport, PA, USA

Post by penpaper »

I cut and pasted your code to the top of the form that receives the variables with the folowing result:

This is the message straight from the form...

I\'ve added the recommended code to the top of the confirm form and the function called by the confirm form. Here\'s hoping that this time there\'s a difference between the plain message and the one that\'s stripped

This is the message after some tweaking...

I've added the recommended code to the top of the confirm form and the function called by the confirm form. Here's hoping that this time there's a difference between the plain message and the one that's stripped


I also pasted it at the beginning of the function that the receiving form calls with the same result.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

So then this...

Code: Select all

<?php
$message = htmlspecialchars(ltrim(stripslashes($_POST['message']))); 
?>
is giving you what you want?
penpaper
Forum Newbie
Posts: 15
Joined: Tue May 23, 2006 6:45 pm
Location: Coudersport, PA, USA

Post by penpaper »

Yes! on the regular pages where I'm printing or echoing to screen it works GREAT. However, when I put

Code: Select all

$msg .= "Message or Ad Text: \t  stripslashes($message)  \n\n";
In the email function (1) it didn't work and (2) the code showed up like this -

Message or Ad Text: stripslashes(I\'ve added to to order_result and the email so that the message will
print without the stripslashes and with the stripslashes. Hope I\'ll
see some dfference so we\'ll get some idea what\'s going on. )


So, is there something that can be done in the email that will strip slashes and not show up in the email?

once again, Thanks for your time
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Once you run it through stripslashes once, don't do it anymore. This line here...

Code: Select all

<?php
$message = htmlspecialchars(ltrim(stripslashes($_POST['message'])));
?>
... seems to be setting your $message var to the clean output. Why not just use $message instead of stripslashes($message)?
penpaper
Forum Newbie
Posts: 15
Joined: Tue May 23, 2006 6:45 pm
Location: Coudersport, PA, USA

Post by penpaper »

I removed all my coding regarding stripslashes and ltrim and htmlspecialchars from the top fo the email function and ran thru.

the resulting email had NO message at all. So, I put your coding at the top of the email function. I read about nesting function calls but now really understand. Here is what came thru the email message.

Message or Ad Text: I put the message = htmlspecialchars(ltrim(stripslashes($_POST
['message']))); back into the top of the email function because the
last time there was NO message. I'm hoping this will work even
though my less safistocated (sp?) coding didn't work before.

IT WORKS!!! HIP, HIP, HURRAY! For you are certainly a jolly good fellow.

Thank you very much!!!! I have truly learned lots and finally have what I need.

Lauren
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Glad it works. Now get to coding something else... :wink:
Post Reply