PHP Mail

Hi have a PHP mail script.

The user inputs there address and it get's added to the body of the message.

eg.

$body = "First Name".$firstname;

Now when the email comes in it looks fine.

The problme is if the customer places any " ' or . in the text field that causes problems.  How would I tell php to ignor this in the text field.
LVL 1
Codeit1978Asked:
Who is Participating?
 
minnirokCommented:
Ok, if you walk through the following methodology, you should be alright:

                        --SENDING PAGE--
#1) user enters 5'11 into a text input named "height"
#2) as user submits the form, php automatically runs addslashes() to the form data
                        ---RECEIVING PAGE--
#3) $_POST['height'] == "5\'11";  //this is the value for our form variable
                                                 //when the page loads
#4) $body = "You are exactly " . stripslashes( $_POST['height'] ) . " inches tall!\n";
#5) now send your mail:    mail ( $to, $subject, $body );
0
 
minnirokCommented:
Use addslashes() to escape all your quotes with slashes.  They will not appear in the email, as PHP requires quotations be escaped in strings.

$body = "First Name".addslashes($firstname);
0
 
Codeit1978Author Commented:
So that will escapte quotations periods and single quotes?
0
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

 
Codeit1978Author Commented:
Now what about other odd chars like ; for example?
How do i strip that?
0
 
minnirokCommented:
addslashes() will add the escape character '\' to only single quotes, double quotes, and backslashes (escaping itself). There's no need to escape any other character for handling strings within PHP.  If you're just sending $body to the mail function, you don't need to worry about periods or semicolons doing anythink malicious.

If you were passing your string along to a SQL query or outputting for display in an HTML page on the other hand, then you'd have reason to be concerned.  PHP provides mysql_real_escape_string() and htmlspecialchars() to handle each of these cases.  If you desire to remove or replace additional "odd" characters, you'd be able to use str_replace() or ereg_replace() to do the job...
0
 
Codeit1978Author Commented:
Stip slashes is not working.  anywhere there is a ' " it adds a \ in the email.
0
 
minnirokCommented:
Well, yes, addslashes() will add a backslash to any quote found...  The idea is to addslashes() to ensure that quotes are not misinterpreted by php as the end of a string...  then pass stripslashes($body) to your mail function as the body parameter rather than simply $body alone
0
 
Codeit1978Author Commented:
ahh I got ya
Let me give that a try.

I want the ' " to display in the email.  So passing the stripslashes($body), send that out in the body of the email?
0
 
minnirokCommented:
I might add, PHP automatically applies addslashes() all input values submitted from forms.  So you only need to remove them on the receiving end.

Specifically, what sort of problems are you running into?  IE detail what behavior are you seeing that is not to your liking...  If you simply want to eliminate all quotes and periods from body, run this:

$body = preg_replace( "/(\.|\'|\"+?)/", "", $body );
0
 
minnirokCommented:
Yes, stripslashes($body) will remove all the escaped quotation characters from $body... hopefully you'll start seeing the results you expect.
0
 
Codeit1978Author Commented:
Ok just for clairfication this is how I would like it to work.

Customer enters in hight  5'11  or 5"11

Now when the email is sent out I want the email to appear exactily as the end user entered it in as.

So how would I stip the chars and re-add the stiped chars back in when the mail is sent?
0
 
Codeit1978Author Commented:
OK let me give that A try.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.