PHP FORM
Hi experts, I have a contact form and when the form is submitted, if they form is not completed and I am writing the value back to the users so users do not have to re-type the whole thing..
I am using session to do that.
The problem is that every where ' character is replaces with \'
How do I fix that...?
Thanks all.
I am using session to do that.
The problem is that every where ' character is replaces with \'
How do I fix that...?
Thanks all.
if (isset($_SESSION['contactMsg']))
{
$si = &$_SESSION['contactMsg'];
$fname = isset($si['fname']) ? $si['fname'] : '';
$lname = isset($si['lname']) ? $si['lname'] : '';
$email = isset($si['email']) ? $si['email'] : '';
$sujet = isset($si['sujet']) ? $si['sujet'] : '';
$message = isset($si['message']) ? $si['message'] : '';
unset($_SESSION['contactMsg']);
}
<form action="send_email.php" method="post" onSubmit="return validate_contact(this)">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="3" class="TD-labels-header">Envoyer le message</td>
</tr>
<tr>
<td class="TD-labels">Prénom: <em class="required"> * </em> </td>
<td class="TD-border"> </td>
<td class="TD-values"><input name="fname" id="fname" type="text" size="40" value="<?php echo htmlentities($fname, ENT_QUOTES, 'UTF-8');?>" /></td>
</tr>
<tr>
<td class="TD-labels">Nom: <em class="required"> * </em></td>
<td class="TD-border"> </td>
<td class="TD-values"><input name="lname" id="lname" type="text" size="40" value="<?php echo htmlentities($lname, ENT_QUOTES, 'UTF-8');?>" /></td>
</tr>
<tr>
<td class="TD-labels">Courriel: <em class="required"> * </em></td>
<td class="TD-border"> </td>
<td class="TD-values"><input name="email" id="email" type="text" value="<?php echo htmlentities($email, ENT_QUOTES, 'UTF-8');?>" /></td>
</tr>
<tr>
<td class="TD-labels">Objet: <em class="required"> * </em> </td>
<td class="TD-border"> </td>
<td class="TD-values"><textarea name="sujet" id="sujet"><?php echo htmlentities($sujet, ENT_QUOTES, 'UTF-8');?></textarea></td>
</tr>
<tr>
<td class="TD-labels">Message: <em class="required"> * </em> </td>
<td class="TD-border"> </td>
<td class="TD-values"><textarea name="message" cols="50" rows="10" id="message"><?php echo htmlentities($message, ENT_QUOTES, 'UTF-8');?></textarea></td>
</tr>
<tr>
<td class="TD-labels"> </td>
<td class="TD-border"> </td>
<td class="TD-values"><?php echo recaptcha_get_html($publickey, $error); ?></td>
</tr>
<tr>
<td class="TD-labels"> </td>
<td class="TD-border"> </td>
<td class="TD-values">
<input name="form_secret" id="form_secret" type="hidden" value="<?php echo $_SESSION['FORM_SECRET'];?>" />
<input name="ip" id="ip" type="hidden" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>" />
</td>
</tr>
<tr>
<td colspan="3" class="TD-labels-header" style="padding-left:600px;"><input name="submit" id="submit" type="submit" value="Envoyer" class="blue_bttn" /></td>
</tr>
</table>
</form>
And in the code:
if (!isset($_SESSION['contactMsg']))
{
$_SESSION['contactMsg'] = array();
}
$si = &$_SESSION['contactMsg'];
// This part is for the email
$fname = clean($_POST['fname'], true);
$lname = clean($_POST['lname'], true);
$ip = trim($_POST['ip']);
$email = clean($_POST['email'], true);
$sujet = clean($_POST['sujet'], true);
$message = clean($_POST['message'], true);
$message = str_replace(array("\\r\\n", "\\r", "\\n"), "<br />", $message);
// This part if the form has problem.
$si['fname'] = trim($_POST['fname']);
$si['lname'] = trim($_POST['lname']);
$si['email'] = trim($_POST['email']);
$si['sujet'] = trim($_POST['sujet']);
$si['message'] = trim($_POST['message']);
$si['ip'] = trim($_POST['ip']);
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Even when I tried to do
value="<?php echo $fname;?>"
It is still giving me with the '\
value="<?php echo $fname;?>"
It is still giving me with the '\
ASKER
even in the code: I changed to
$si['fname'] = $_POST['fname'];
$si['fname'] = $_POST['fname'];
have you try out : htmlentities( $message, ENT_COMPAT, 'UTF-8' );
ASKER
I did.. and no.. it is still doing it...
and which charset was selected in the META tag of the page ?
Could you please post the clean function you're using? It's probably that one adding the \'s.
ASKER
Oscar - I am not even using the clean function though.. this is weird...
But here is the clean function
But here is the clean function
function clean($str, $encode_ent = false) {
$str = @trim($str);
if($encode_ent) {
$str = htmlentities($str);
}
if(version_compare(phpversion(),'4.3.0') >= 0) {
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
if(@mysql_ping()) {
$str = mysql_real_escape_string($str);
}
else {
$str = addslashes($str);
}
}
else {
if(!get_magic_quotes_gpc()) {
$str = addslashes($str);
}
}
return $str;
}
Hey!
From what I see, you're using the clean function from line 74 to 79.
As you can see on your newly attached code sample, it adds slashes whether the IF case turns true or false. (but also strips)
Yours sincerely,
Oscar
From what I see, you're using the clean function from line 74 to 79.
As you can see on your newly attached code sample, it adds slashes whether the IF case turns true or false. (but also strips)
Yours sincerely,
Oscar
ASKER
Hi Oscar,
line 74 - 79 - are for storing in the database. But line 83 - 87 - not using - this is my session variable.. right?
line 74 - 79 - are for storing in the database. But line 83 - 87 - not using - this is my session variable.. right?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Oscar, Thanks for your suggestions...
I think It has nothing to do with the clean() - since I ran with removing the function completely. and I am still getting the same '\
And about the META, I have:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
I think It has nothing to do with the clean() - since I ran with removing the function completely. and I am still getting the same '\
And about the META, I have:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
ASKER
.
ASKER