Page 1 of 1

Escaped apostrophe in the email

Posted: Thu Jun 01, 2006 11:54 am
by penpaper
I am still having trouble with the apostrophes being escaped in the email. We've managed to get rid of the excape everywhere else but in the email. Here's the code.

Code: Select all

function email($ad, $orderNo, $orderTot, $firstName, $lastName, $address1, $address2, $city, $state, $zip, $telephone, $cemail, $where, $startDate, $endDate, $message)

{
# Need to include the IP address of the sender of the email - 
# just in case there is any abuse

$ip = get_remote_ip();


$ad = $_POST['ad']; $ad = ltrim($_POST['ad']);
$orderNo = ltrim($_POST['orderNo']);
$firstName = stripslashes($_POST['firstName']); $firstName = ltrim($_POST['firstName']);
$lastName = stripslashes($_POST['lastName']); $firstName = ltrim($_POST['firstName']);
$address1 = stripslashes($_POST['address1']); $address1 = ltrim($_POST['address1']);
$address2 = stripslashes($_POST['address2']); $address1 = ltrim($_POST['address1']);
$city = stripslashes($_POST['city']); $city = ltrim($_POST['city']);
$state = stripslashes($_POST['state']); $state = ltrim($_POST['state']);
$zip = stripslashes($_POST['zip']); $zip = ltrim($_POST['zip']);
$telephone = stripslashes($_POST['telephone']); $telephone = ltrim($_POST['telephone']);
$cemail = stripslashes($_POST['cemail']); $cemail = ltrim($_POST['cemail']);
$where = $_POST['where'];
$startDate = ltrim($_POST['startDate']);
$endDate = ltrim($_POST['endDate']);	
$message = stripslashes($_POST['message']);	 $message = ltrim($_POST['message']);
$message = htmlspecialchars($message);	

#	Need to include the day of the week after the date
#	in the email 

$startDay = date("l",mktime(0,0,0,substr($startDate,0,2),substr($startDate,3,2),substr($startDate,8,2)));
$endDay = date("l",mktime(0,0,0,substr($endDate,0,2),substr($endDate,3,2),substr($endDate,8,2)));


	$to = "communitychannel@.net";
	$subject = "Message or Ad Posting for the Community Channel";
	$mailheaders = "From: $cemail \n";
	$mailheaders .= "Reply-To: $cemail\n\n";
	
	$msg = 	"E-mail sent from:  Community Channel's Online Services \n\n";
	$msg .= "First Name: \t $firstName \n";
	$msg .= "Last Name: \t $lastName \n";
	$msg .= "Address: \t $address1\n";
	$msg .= "Address 2: \t $address2 \n";
	$msg .= "City: \t\t $city \n";
	$msg .= "State: \t\t $state\n";
	$msg .= "Zip Code: \t$zip\n";
	$msg .= "Telephone: \t$telephone\n";
	$msg .= "E-mail: \t$cemail\n\n";
	$msg .= "Order Number: \t $orderNo \n";
	$msg .= "Message or Ad: \t $ad \n\n";
	$msg .= "Communities where the message or ad should appear: $where \n\n";
	$msg .= "Message or Ad Start Date: \t $startDate \t $startDay \n";
	$msg .= "Message or Ad End Date: \t $endDate \t $endDay \n\n";
	$msg .= "Message or Ad Text: \t  stripslashes($message)  \n\n";
	$msg .= "IP Address: \t $ip ";
	
	
	if(mail($to, $subject, $msg, $mailheaders)) { ?>
	<div class="contentheader">Thank You For Using Our Online Services</div><br>
	<div class="mediumtext">Your <?php echo ($ad); ?>has been  <br>emailed to the Community Channel for processing.<br><br>Thank you for using Community Channel's online services.</div> 
<? }else{ ?>
<div class="mediumtext">There was a problem sending the email.  Please make sure that you completed the form correctly.</div>
<? }  
 
}	// end of email function
THANKS!!! lauren

Re: Escaped apostrophe in the email

Posted: Thu Jun 01, 2006 1:17 pm
by RobertGonzalez
penpaper, can you please wrap your PHP code in

Code: Select all

tags? It makes it a little easier to read. Thanks....

Here is the code, with a little cleaning up. What is not working in it?

[syntax="php"]<?php
function email($ad, $orderNo, $orderTot, $firstName, $lastName, $address1, $address2, $city, $state, $zip, $telephone, $cemail, $where, $startDate, $endDate, $message)

{
  // Need to include the IP address of the sender of the email - 
  // just in case there is any abuse
  $ip = get_remote_ip();

  $ad = ltrim($_POST['ad']);
  $orderNo = ltrim($_POST['orderNo']);
  $firstName = ltrim(stripsalshes($_POST['firstName']));
  $firstName = ltrim(stripslashes($_POST['firstName']));
  $address1 = ltrim(stripslashes($_POST['address1']));
  $address2 = ltrim(stripslashes($_POST['address2']));
  $city = ltrim(stripslashes($_POST['city']));
  $state = ltrim(stripslashes($_POST['state']));
  $zip = ltrim(stripslashes($_POST['zip']));
  $telephone = ltrim(stripslashes($_POST['telephone']));
  $cemail = ltrim(stripslashes($_POST['cemail']));
  $where = $_POST['where'];
  $startDate = ltrim($_POST['startDate']);
  $endDate = ltrim($_POST['endDate']);	
  $message = htmlspecialchars(ltrim(stripslashes($_POST['message'])));

  // Need to include the day of the week after the date
  // in the email 

  $startDay = date("l",mktime(0,0,0,substr($startDate,0,2),substr($startDate,3,2),substr($startDate,8,2)));
  $endDay = date("l",mktime(0,0,0,substr($endDate,0,2),substr($endDate,3,2),substr($endDate,8,2)));

  $to = "communitychannel@.net";
  $subject = "Message or Ad Posting for the Community Channel";
  $mailheaders = "From: $cemail \n";
  $mailheaders .= "Reply-To: $cemail\n\n";
	
  $msg = "E-mail sent from:  Community Channel's Online Services \n\n";
  $msg .= "First Name: \t $firstName \n";
  $msg .= "Last Name: \t $lastName \n";
  $msg .= "Address: \t $address1\n";
  $msg .= "Address 2: \t $address2 \n";
  $msg .= "City: \t\t $city \n";
  $msg .= "State: \t\t $state\n";
  $msg .= "Zip Code: \t$zip\n";
  $msg .= "Telephone: \t$telephone\n";
  $msg .= "E-mail: \t$cemail\n\n";
  $msg .= "Order Number: \t $orderNo \n";
  $msg .= "Message or Ad: \t $ad \n\n";
  $msg .= "Communities where the message or ad should appear: $where \n\n";
  $msg .= "Message or Ad Start Date: \t $startDate \t $startDay \n";
  $msg .= "Message or Ad End Date: \t $endDate \t $endDay \n\n";
  $msg .= "Message or Ad Text: \t  stripslashes($message)  \n\n";
  $msg .= "IP Address: \t $ip ";

  if(mail($to, $subject, $msg, $mailheaders)) 
  { 
?>
	<div class="contentheader">Thank You For Using Our Online Services</div><br>
	<div class="mediumtext">Your <?php echo ($ad); ?>has been  <br>emailed to the Community Channel for processing.<br><br>Thank you for using Community Channel's online services.</div> 
<?php 
}else{ 
?>
<div class="mediumtext">There was a problem sending the email.  Please make sure that you completed the form correctly.</div>
<?php }  
}	// end of email function
?>
[/syntax]

Posted: Thu Jun 01, 2006 1:41 pm
by penpaper
the email that is generated by the code has backslashes excaping any apostrophes

ie: "Mary\'s brown coat\'s button\'s " The stripslashes do no good at all.

I'll use php tags rather than code tags in the future.

penpaper

Posted: Thu Jun 01, 2006 2:00 pm
by RobertGonzalez
Echo the string, the echo the string inside of a stripslashes and see if they are different. If might that you have magic_quotes_qpc() on and that you are addslashing() also.

Code: Select all

<?php
echo $string_with_single_quote;
echo '<br />';
echo stripslashes($string_with_single_quote);
?>

Posted: Thu Jun 01, 2006 2:42 pm
by penpaper
We checked yesterday and the magic_quotes_gcp is ON. I added code to the file that calls the email function as follows:

Code: Select all

echo "I'm going to echo the message text without stripslashes here  <br />";
echo $message;
echo '<br />';
echo "Now I'll echo the same thing with the stripslashes <br />";
echo stripslashes($message);
The message that printed had escapes the first time and did not have escapes the second time.

I added the following line to the email code

Code: Select all

$msg .= "Message without stripslashes: \t $message \n\n";
and got the following (the stripslashes makes no difference except that "stripslashes"() prints in the email) -

Message without stripslashes: I\'ve added to to order_result and the email so that the message will
print without the stripslashes and with the stripslashes. Hope I\'ll
see some dfference so we\'ll get some idea what\'s going on.

Message or Ad Text: stripslashes(I\'ve added to to order_result and the email so that the message will
print without the stripslashes and with the stripslashes. Hope I\'ll
see some dfference so we\'ll get some idea what\'s going on. )

AUGGGHHH!!!!!

Posted: Thu Jun 01, 2006 3:28 pm
by RobertGonzalez
Working backwards, try this...

Code: Select all

<?php
echo '<p>This is the message straight from the form...</p>';
echo '<p>' . $_POST['message'] . '</p>';
echo '<p>This is the message after some tweaking...</p>';
$message = htmlspecialchars(ltrim(stripslashes($_POST['message']))); 
echo '<p>' . $message . '</p>';
?>
Run this at the very beginning of your page to see what is being sent from the form before any manipulation.

Posted: Thu Jun 01, 2006 3:55 pm
by penpaper
I cut and pasted your code to the top of the form that receives the variables with the folowing result:

This is the message straight from the form...

I\'ve added the recommended code to the top of the confirm form and the function called by the confirm form. Here\'s hoping that this time there\'s a difference between the plain message and the one that\'s stripped

This is the message after some tweaking...

I've added the recommended code to the top of the confirm form and the function called by the confirm form. Here's hoping that this time there's a difference between the plain message and the one that's stripped


I also pasted it at the beginning of the function that the receiving form calls with the same result.

Posted: Thu Jun 01, 2006 4:36 pm
by RobertGonzalez
So then this...

Code: Select all

<?php
$message = htmlspecialchars(ltrim(stripslashes($_POST['message']))); 
?>
is giving you what you want?

Posted: Thu Jun 01, 2006 5:10 pm
by penpaper
Yes! on the regular pages where I'm printing or echoing to screen it works GREAT. However, when I put

Code: Select all

$msg .= "Message or Ad Text: \t  stripslashes($message)  \n\n";
In the email function (1) it didn't work and (2) the code showed up like this -

Message or Ad Text: stripslashes(I\'ve added to to order_result and the email so that the message will
print without the stripslashes and with the stripslashes. Hope I\'ll
see some dfference so we\'ll get some idea what\'s going on. )


So, is there something that can be done in the email that will strip slashes and not show up in the email?

once again, Thanks for your time

Posted: Thu Jun 01, 2006 5:21 pm
by RobertGonzalez
Once you run it through stripslashes once, don't do it anymore. This line here...

Code: Select all

<?php
$message = htmlspecialchars(ltrim(stripslashes($_POST['message'])));
?>
... seems to be setting your $message var to the clean output. Why not just use $message instead of stripslashes($message)?

Posted: Thu Jun 01, 2006 6:09 pm
by penpaper
I removed all my coding regarding stripslashes and ltrim and htmlspecialchars from the top fo the email function and ran thru.

the resulting email had NO message at all. So, I put your coding at the top of the email function. I read about nesting function calls but now really understand. Here is what came thru the email message.

Message or Ad Text: I put the message = htmlspecialchars(ltrim(stripslashes($_POST
['message']))); back into the top of the email function because the
last time there was NO message. I'm hoping this will work even
though my less safistocated (sp?) coding didn't work before.

IT WORKS!!! HIP, HIP, HURRAY! For you are certainly a jolly good fellow.

Thank you very much!!!! I have truly learned lots and finally have what I need.

Lauren

Posted: Thu Jun 01, 2006 7:38 pm
by RobertGonzalez
Glad it works. Now get to coding something else... :wink: