php Mail

I'm using the php mail function to send structured emails based on data entered on web forms.

Some of the data entered MAY have single quote or double quote characters in the text. We want the email to reflect EXACTLY what's entered.

It appears that the php mail function "escapes" special characters. So, for example, if the input was O'Hanlon, the email message contains
Customer Name: O\'Hanlon

Is there a way to disable php mail from "escaping" these characters?

If not, is there anither "open source" mail package that doesn't do this?

Richard KortsAsked:
Who is Participating?
 
TeRReFConnect With a Mentor Commented:
I don't understand why you're affraid of INSERT problems while sending mail? If you mean that you changed the chars before you put the names in the DB, there are better ways of doing that. THere is a neat function called mysql_real_escape_string() that handles these potential problems for you:
http://php.net/mysql_real_escape_string

I don't think set_magic_quotes deals with the ` char.

ANyway, I'm not sure why the mail function escapes on it's own. Can't recall ever having these problems. But then again, I usually use PHPMailer for these tasks since it's much better equiped. Maybe you can give that a try:
http://sourceforge.net/projects/phpmailer/
0
 
TeRReFCommented:
Are you sure magic quotes is not on?
Try this line before you send the mail:
set_magic_quotes_runtime(0);
0
 
Richard KortsAuthor Commented:
To TeRRef,

I never heard of set_magic_quotes, but I looked it up.

I tried it but it didn't work. However, I forgot to mention that the actual character at that time is the ` not the ', because I changed all the ' to ` to avoid SQL database insert problems.

Does set_magic_quotes deal with ` also or do I have to send the email AND THEN change ' to `?

Thanks
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

 
Richard KortsAuthor Commented:
To TeRRef,

I'm not afraid of INSERT problems while sending mail. It's just that the sequence of my logic in the php program converted all the ' to ` BEFORE I sent the email because the sending of the mail was an added on requirement.

I know about mysql_real_escape_string() but it doesn't solve the problem on the other end.

Anyway, I'll try set_magic_quotes BEFORE the quote change & if that doesn't work, I'll try PHPmailer.

Thanks for your quick responses, as usual.
0
 
Richard KortsAuthor Commented:
To TeRRef,

I did set_magic_quotes_runtime(0) while the email body had data with ' in it. Still doesn't work.

I'll look at PHPmailer.

Thanks
0
 
Richard KortsAuthor Commented:
To TeRRef,

I tried this & it worked. It removed the "\" from the email body.

$body = stripslashes($body);
$mres = mail($mailto, $subj, $body, $header);

So your answer wasn't the full solution but I'm giving you the points because you are very knowledgable of php, you've helped me before & your comments led me to the solution.

Cheers!      
0
 
TeRReFCommented:
Well done! Thanks for the points :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.