?
Solved

PHP Mail

Posted on 2005-04-08
12
Medium Priority
?
334 Views
Last Modified: 2009-12-16
Hi have a PHP mail script.

The user inputs there address and it get's added to the body of the message.

eg.

$body = "First Name".$firstname;

Now when the email comes in it looks fine.

The problme is if the customer places any " ' or . in the text field that causes problems.  How would I tell php to ignor this in the text field.
0
Comment
Question by:Codeit1978
  • 6
  • 6
12 Comments
 
LVL 7

Expert Comment

by:minnirok
ID: 13738945
Use addslashes() to escape all your quotes with slashes.  They will not appear in the email, as PHP requires quotations be escaped in strings.

$body = "First Name".addslashes($firstname);
0
 
LVL 1

Author Comment

by:Codeit1978
ID: 13739466
So that will escapte quotations periods and single quotes?
0
 
LVL 1

Author Comment

by:Codeit1978
ID: 13739747
Now what about other odd chars like ; for example?
How do i strip that?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 7

Expert Comment

by:minnirok
ID: 13739981
addslashes() will add the escape character '\' to only single quotes, double quotes, and backslashes (escaping itself). There's no need to escape any other character for handling strings within PHP.  If you're just sending $body to the mail function, you don't need to worry about periods or semicolons doing anythink malicious.

If you were passing your string along to a SQL query or outputting for display in an HTML page on the other hand, then you'd have reason to be concerned.  PHP provides mysql_real_escape_string() and htmlspecialchars() to handle each of these cases.  If you desire to remove or replace additional "odd" characters, you'd be able to use str_replace() or ereg_replace() to do the job...
0
 
LVL 1

Author Comment

by:Codeit1978
ID: 13739984
Stip slashes is not working.  anywhere there is a ' " it adds a \ in the email.
0
 
LVL 7

Expert Comment

by:minnirok
ID: 13740014
Well, yes, addslashes() will add a backslash to any quote found...  The idea is to addslashes() to ensure that quotes are not misinterpreted by php as the end of a string...  then pass stripslashes($body) to your mail function as the body parameter rather than simply $body alone
0
 
LVL 1

Author Comment

by:Codeit1978
ID: 13740148
ahh I got ya
Let me give that a try.

I want the ' " to display in the email.  So passing the stripslashes($body), send that out in the body of the email?
0
 
LVL 7

Expert Comment

by:minnirok
ID: 13740156
I might add, PHP automatically applies addslashes() all input values submitted from forms.  So you only need to remove them on the receiving end.

Specifically, what sort of problems are you running into?  IE detail what behavior are you seeing that is not to your liking...  If you simply want to eliminate all quotes and periods from body, run this:

$body = preg_replace( "/(\.|\'|\"+?)/", "", $body );
0
 
LVL 7

Expert Comment

by:minnirok
ID: 13740169
Yes, stripslashes($body) will remove all the escaped quotation characters from $body... hopefully you'll start seeing the results you expect.
0
 
LVL 1

Author Comment

by:Codeit1978
ID: 13740308
Ok just for clairfication this is how I would like it to work.

Customer enters in hight  5'11  or 5"11

Now when the email is sent out I want the email to appear exactily as the end user entered it in as.

So how would I stip the chars and re-add the stiped chars back in when the mail is sent?
0
 
LVL 7

Accepted Solution

by:
minnirok earned 240 total points
ID: 13740642
Ok, if you walk through the following methodology, you should be alright:

                        --SENDING PAGE--
#1) user enters 5'11 into a text input named "height"
#2) as user submits the form, php automatically runs addslashes() to the form data
                        ---RECEIVING PAGE--
#3) $_POST['height'] == "5\'11";  //this is the value for our form variable
                                                 //when the page loads
#4) $body = "You are exactly " . stripslashes( $_POST['height'] ) . " inches tall!\n";
#5) now send your mail:    mail ( $to, $subject, $body );
0
 
LVL 1

Author Comment

by:Codeit1978
ID: 13740767
OK let me give that A try.

0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The title says it all. Writing any type of PHP Application or API code that provides high throughput, while under a heavy load, seems to be an arcane art form (Black Magic). This article aims to provide some general guidelines for producing this typ…
This holiday season, we’re giving away the gift of knowledge—tech knowledge, that is. Keep reading to see what hacks, tips, and trends we have wrapped and waiting for you under the tree.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question