Solved

PHP FORM

Posted on 2009-06-27
15
326 Views
Last Modified: 2012-05-07
Hi experts, I have a contact form and when the form is submitted, if they form is not completed and I am writing the value back to the users so users do not have to re-type the whole thing..

I am using session to do that.

The problem is that every where ' character is replaces with  \'

How do I fix that...?

Thanks all.
if (isset($_SESSION['contactMsg']))

{

  $si = &$_SESSION['contactMsg'];

  $fname = isset($si['fname']) ? $si['fname'] : '';

  $lname = isset($si['lname']) ? $si['lname'] : '';

  $email = isset($si['email']) ? $si['email'] : '';

  $sujet = isset($si['sujet']) ? $si['sujet'] : '';

  $message = isset($si['message']) ? $si['message'] : '';

  unset($_SESSION['contactMsg']);

}
 
 

<form action="send_email.php" method="post" onSubmit="return validate_contact(this)">

	<table width="100%" border="0" cellspacing="0" cellpadding="0">
 

	  <tr>

		<td colspan="3"  class="TD-labels-header">Envoyer le message</td>

	  </tr>

	  <tr>

		<td class="TD-labels">Pr&eacute;nom:  <em class="required"> * </em> </td>

		<td class="TD-border">&nbsp;</td>

		<td class="TD-values"><input name="fname" id="fname" type="text" size="40" value="<?php echo htmlentities($fname, ENT_QUOTES, 'UTF-8');?>" /></td>

	  </tr>

	  <tr>

		<td class="TD-labels">Nom:   <em class="required"> * </em></td>

		<td class="TD-border">&nbsp;</td>

		<td class="TD-values"><input name="lname" id="lname" type="text" size="40" value="<?php echo htmlentities($lname, ENT_QUOTES, 'UTF-8');?>" /></td>

	  </tr>

	  

	  <tr>

		<td class="TD-labels">Courriel:  <em class="required"> * </em></td>

		<td class="TD-border">&nbsp;</td>

		<td class="TD-values"><input name="email" id="email" type="text"  value="<?php echo htmlentities($email, ENT_QUOTES, 'UTF-8');?>" /></td>

	  </tr>

	  <tr>

		<td class="TD-labels">Objet:  <em class="required"> * </em> </td>

		<td class="TD-border">&nbsp;</td>

		<td class="TD-values"><textarea name="sujet" id="sujet"><?php echo htmlentities($sujet, ENT_QUOTES, 'UTF-8');?></textarea></td>

	  </tr>

	  <tr>

		<td class="TD-labels">Message:  <em class="required"> * </em> </td>

		<td class="TD-border">&nbsp;</td>

		<td class="TD-values"><textarea name="message" cols="50" rows="10" id="message"><?php echo htmlentities($message, ENT_QUOTES, 'UTF-8');?></textarea></td>

	  </tr>

	  <tr>

		<td class="TD-labels">&nbsp;</td>

		<td class="TD-border">&nbsp;</td>

		<td class="TD-values"><?php echo recaptcha_get_html($publickey, $error); ?></td>

	  </tr>

	  <tr>

		<td class="TD-labels">&nbsp;</td>

		<td class="TD-border">&nbsp;</td>

		<td class="TD-values">

			<input name="form_secret" id="form_secret" type="hidden" value="<?php echo $_SESSION['FORM_SECRET'];?>"  />

			<input name="ip" id="ip" type="hidden" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>" />

		</td>

	  </tr>		

	  <tr>

		<td colspan="3" class="TD-labels-header" style="padding-left:600px;"><input name="submit" id="submit" type="submit" value="Envoyer" class="blue_bttn" /></td>

	  </tr>								  								

  </table>

</form>	
 
 

And in the code:
 

if (!isset($_SESSION['contactMsg']))

{

  $_SESSION['contactMsg'] = array();

}
 

$si = &$_SESSION['contactMsg'];

// This part is for the email

$fname = clean($_POST['fname'], true);

$lname = clean($_POST['lname'], true);

$ip = trim($_POST['ip']);

$email = clean($_POST['email'], true);

$sujet = clean($_POST['sujet'], true);

$message = clean($_POST['message'], true);

$message = str_replace(array("\\r\\n", "\\r", "\\n"), "<br />", $message);
 

// This part if the form has problem. 

$si['fname'] = trim($_POST['fname']);

$si['lname'] = trim($_POST['lname']);

$si['email'] = trim($_POST['email']);

$si['sujet'] = trim($_POST['sujet']);

$si['message'] = trim($_POST['message']);

$si['ip'] = trim($_POST['ip']);

Open in new window

0
Comment
Question by:listings_
  • 8
  • 3
  • 2
  • +2
15 Comments
 
LVL 3

Accepted Solution

by:
robofix earned 167 total points
ID: 24727667
I think this has to do with your extensive usage of the htmlentities PHP function.
See here for reference: http://www.php.net/htmlentities

Try replacing the argument ENT_QUOTES            by ENT_NOQUOTES  .

0
 

Author Comment

by:listings_
ID: 24727681
I tried - No, it was not that....
0
 

Author Comment

by:listings_
ID: 24727692
Even when I tried to do
value="<?php echo $fname;?>"

It is still giving me with the '\
0
 

Author Comment

by:listings_
ID: 24727698
even in the code: I changed to

$si['fname'] = $_POST['fname'];

0
 
LVL 3

Expert Comment

by:JPM
ID: 24728057
have you try out  :      htmlentities( $message, ENT_COMPAT, 'UTF-8' );


0
 

Author Comment

by:listings_
ID: 24728126
I did.. and no.. it is still doing it...
0
 
LVL 3

Expert Comment

by:JPM
ID: 24728167
and which charset was selected in the META tag of the page ?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 1

Expert Comment

by:OscarEL
ID: 24729122
Could you please post the clean function you're using? It's probably that one adding the \'s.
0
 

Author Comment

by:listings_
ID: 24729317
Oscar - I am not even using the clean function though.. this is weird...

But here is the clean function


function clean($str, $encode_ent = false) {

	$str  = @trim($str);

	if($encode_ent) {

		$str = htmlentities($str);

	}

	if(version_compare(phpversion(),'4.3.0') >= 0) {

		if(get_magic_quotes_gpc()) {

			$str = stripslashes($str);

		}

		if(@mysql_ping()) {

			$str = mysql_real_escape_string($str);

		}

		else {

			$str = addslashes($str);

		}

	}

	else {

		if(!get_magic_quotes_gpc()) {

			$str = addslashes($str);

		}

	}

	

	return $str;

}

Open in new window

0
 
LVL 1

Expert Comment

by:OscarEL
ID: 24729673
Hey!

From what I see, you're using the clean function from line 74 to 79.

As you can see on your newly attached code sample, it adds slashes whether the IF case turns true or false. (but also strips)

Yours sincerely,
Oscar
0
 

Author Comment

by:listings_
ID: 24730114
Hi Oscar,

line 74 - 79 - are for storing in the database. But line 83 - 87 - not using - this is my session variable.. right?
0
 
LVL 1

Assisted Solution

by:OscarEL
OscarEL earned 167 total points
ID: 24730189
Hey.

Try removing the clean(); functions and see if everything goes well. Debugging an application / script is an important thing, and you shall always debug it, by removing / adding bits of your code. You can even try rewriting it a few times, just to improve it.

Yours sincerely,
Oscar.
0
 
LVL 1

Assisted Solution

by:nwteam
nwteam earned 166 total points
ID: 24751338
I use a similar clean function here is my code give it ago:

function clean($str) {
            $str = @trim($str);
            if(get_magic_quotes_gpc()) {
                  $str = stripslashes($str);
            }
            return mysql_real_escape_string($str);
      }
0
 

Author Comment

by:listings_
ID: 24753067
Oscar, Thanks for your suggestions...

I think It has nothing to do with the clean() - since I ran with removing the function completely. and I am still getting the same '\

And about the META, I have:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
0
 

Author Closing Comment

by:listings_
ID: 31597544
.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now