Codeit1978
asked on
PHP Mail
Hi have a PHP mail script.
The user inputs there address and it get's added to the body of the message.
eg.
$body = "First Name".$firstname;
Now when the email comes in it looks fine.
The problme is if the customer places any " ' or . in the text field that causes problems. How would I tell php to ignor this in the text field.
The user inputs there address and it get's added to the body of the message.
eg.
$body = "First Name".$firstname;
Now when the email comes in it looks fine.
The problme is if the customer places any " ' or . in the text field that causes problems. How would I tell php to ignor this in the text field.
ASKER
So that will escapte quotations periods and single quotes?
ASKER
Now what about other odd chars like ; for example?
How do i strip that?
How do i strip that?
addslashes() will add the escape character '\' to only single quotes, double quotes, and backslashes (escaping itself). There's no need to escape any other character for handling strings within PHP. If you're just sending $body to the mail function, you don't need to worry about periods or semicolons doing anythink malicious.
If you were passing your string along to a SQL query or outputting for display in an HTML page on the other hand, then you'd have reason to be concerned. PHP provides mysql_real_escape_string() and htmlspecialchars() to handle each of these cases. If you desire to remove or replace additional "odd" characters, you'd be able to use str_replace() or ereg_replace() to do the job...
If you were passing your string along to a SQL query or outputting for display in an HTML page on the other hand, then you'd have reason to be concerned. PHP provides mysql_real_escape_string()
ASKER
Stip slashes is not working. anywhere there is a ' " it adds a \ in the email.
Well, yes, addslashes() will add a backslash to any quote found... The idea is to addslashes() to ensure that quotes are not misinterpreted by php as the end of a string... then pass stripslashes($body) to your mail function as the body parameter rather than simply $body alone
ASKER
ahh I got ya
Let me give that a try.
I want the ' " to display in the email. So passing the stripslashes($body), send that out in the body of the email?
Let me give that a try.
I want the ' " to display in the email. So passing the stripslashes($body), send that out in the body of the email?
I might add, PHP automatically applies addslashes() all input values submitted from forms. So you only need to remove them on the receiving end.
Specifically, what sort of problems are you running into? IE detail what behavior are you seeing that is not to your liking... If you simply want to eliminate all quotes and periods from body, run this:
$body = preg_replace( "/(\.|\'|\"+?)/", "", $body );
Specifically, what sort of problems are you running into? IE detail what behavior are you seeing that is not to your liking... If you simply want to eliminate all quotes and periods from body, run this:
$body = preg_replace( "/(\.|\'|\"+?)/", "", $body );
Yes, stripslashes($body) will remove all the escaped quotation characters from $body... hopefully you'll start seeing the results you expect.
ASKER
Ok just for clairfication this is how I would like it to work.
Customer enters in hight 5'11 or 5"11
Now when the email is sent out I want the email to appear exactily as the end user entered it in as.
So how would I stip the chars and re-add the stiped chars back in when the mail is sent?
Customer enters in hight 5'11 or 5"11
Now when the email is sent out I want the email to appear exactily as the end user entered it in as.
So how would I stip the chars and re-add the stiped chars back in when the mail is sent?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK let me give that A try.
$body = "First Name".addslashes($firstnam