timmah1 Posted January 8, 2009 Share Posted January 8, 2009 I enter information for our newsletter. I click submit for it to go into the database, then it emails all of the members automatically. The problem I'm having is with " and ' showing up properly in the email To enter the information, I have this $left1 = mysql_escape_string($_POST['content_left']); $right1 = mysql_escape_string($_POST['content_right']); Then, to display it properly in the email, I have this $left = nl2br($left1); $right = nl2br($right1); When it shows in the email, it does this SOLON SPORTSMEN\\\\\\\'S ASSOCIATION And if these is a " in the email, it stops right there and don't show the rest of the message. How can fix this to display properly? Thanks in advance Quote Link to comment Share on other sites More sharing options...
rhodesa Posted January 8, 2009 Share Posted January 8, 2009 you are escaping your data too many times before putting it in the database -check to make sure magic_quotes is off: http://us.php.net/manual/en/security.magicquotes.disabling.php -make sure you are only using mysql_real_escape_string() once -make sure there are no other functions like addslashes() being run on the POST values Quote Link to comment Share on other sites More sharing options...
premiso Posted January 8, 2009 Share Posted January 8, 2009 Check to see if magic_quotes are turned on, if so you need stripslashes on the post data before running mysql_escape_string, and I think you should be using mysql_real_escape_string I think the mysql_escape_string is depreciated. The reason you get the \\\\\\ is from double escaping. You can use this function to test if magic quote are on get_magic_quotes_gpc. Changelog Version Description 5.3.0 This function now throws an E_DEPRECATED notice. 4.3.0 This function became deprecated, do not use this function. Instead, use mysql_real_escape_string(). That came from the mysql_escape_string man page. Quote Link to comment Share on other sites More sharing options...
timmah1 Posted January 8, 2009 Author Share Posted January 8, 2009 I ran a script like this echo get_magic_quotes_gpc(); and it came back 1 So, I did this to the code $month = $_POST['month']; $year = $_POST['year']; $left1 = stripslashes(mysql_real_escape_string($_POST['content_left'])); $right1 = stripslashes(mysql_real_escape_string($_POST['content_right'])); $sql = "INSERT INTO newsletter(month, year, content_left, content_right) VALUES( '$month', '$year', '$left1', '$right1');"; mysql_query($sql) or die("Sorry, there was a problem inserting the newsletter ".mysql_error()); echo "Newsletter has been inserted<br /><br /><br />"; It inserts into the database properly, it's the displaying aspect that's the problem And the part that actually sends the email is this $month = $_POST['month']; $year = $_POST['year']; $left1 = stripslashes(mysql_real_escape_string($_POST['content_left'])); $right1 = stripslashes(mysql_real_escape_string($_POST['content_right'])); //Now send the newsletter to everybody $subscriber = $_POST['user']; $together = implode(", ", $subscriber); $today = date("l F j, Y"); $month = $_POST['month']; $year = $_POST['year']; $left = nl2br($left1); $right = nl2br($right1); Quote Link to comment Share on other sites More sharing options...
premiso Posted January 8, 2009 Share Posted January 8, 2009 Flip the strip and the escape: $left1 = mysql_real_escape_string(stripslashes($_POST['content_left'])); $right1 = mysql_real_escape_string(stripslashes($_POST['content_right'])); You want to strip them before escaping or else you run into the same problem. Quote Link to comment Share on other sites More sharing options...
rhodesa Posted January 8, 2009 Share Posted January 8, 2009 and when sending the email...don't use data that has been run through mysql_real_escape_string()...but DO run it through stripslashes() Quote Link to comment Share on other sites More sharing options...
timmah1 Posted January 8, 2009 Author Share Posted January 8, 2009 Thanks permiso, I changed it and the result is this SOLON SPORTSMEN\\\'S ASSOCIATION Only adding 2 now Quote Link to comment Share on other sites More sharing options...
timmah1 Posted January 8, 2009 Author Share Posted January 8, 2009 thanks rhodesa, now it's only showing 1 \ but anything after \" something\" does not show up I have it saying in the database You might have \"something\" that might destroy you It is only showing You might have \ Quote Link to comment Share on other sites More sharing options...
premiso Posted January 8, 2009 Share Posted January 8, 2009 mysql_real_escape_string should only be for database entries. For emails you just need to remove the initial slashes. $left1 = stripslashes($_POST['content_left']); $right1 = stripslashes($_POST['content_right']); If, for whatever reason your server doubles up on the slashes you can call that function twice, but it should not be doing this. Can you post that code that sends the email? Quote Link to comment Share on other sites More sharing options...
timmah1 Posted January 8, 2009 Author Share Posted January 8, 2009 if($_POST['submit']) { require("config_news.php"); $month = $_POST['month']; $year = $_POST['year']; $left1 = stripslashes($_POST['content_left']); $right1 = stripslashes($_POST['content_right']); //Now send the newsletter to everybody $subscriber = $_POST['user']; $together = implode(", ", $subscriber); $today = date("l F j, Y"); $month = $_POST['month']; $year = $_POST['year']; $left = nl2br($left1); $right = nl2br($right1); //define the receiver of the email //$to = "Solon Sportsmen Members <$together>"; $to = "Vegas D Sports <tpatterson@cheezyfries.net>"; $subject = "Solon Sportsmen Newsletter {$month} {$year}"; $message = " "; $name = "Solon Sportsmen"; $from = "NOREPLY@solonsportsmen.org"; $headers = "From: ". $name . " <" . $from . ">\r\n"; $headers .= "Content-Type: text/html; charset=\"iso-8859-1\""; $headers .= "Content-Transfer-Encoding: 7bit"; $headers .= 'Cc: tracey@hxcteam.com' . "\r\n"; // now lets send the email. mail($to, $subject, $message, $headers); } That is the code that sends out the email Quote Link to comment Share on other sites More sharing options...
premiso Posted January 8, 2009 Share Posted January 8, 2009 I fail to see where you use "left" and "right" in that code...? And are you still getting the extra slash? Quote Link to comment Share on other sites More sharing options...
timmah1 Posted January 8, 2009 Author Share Posted January 8, 2009 I'm sorry, here it is if($_POST['submit']) { require("config_news.php"); $month = $_POST['month']; $year = $_POST['year']; $left1 = stripslashes($_POST['content_left']); $right1 = stripslashes($_POST['content_right']); //Now send the newsletter to everybody $subscriber = $_POST['user']; $together = implode(", ", $subscriber); $today = date("l F j, Y"); $month = $_POST['month']; $year = $_POST['year']; $left = nl2br($left1); $right = nl2br($right1); //define the receiver of the email //$to = "Solon Sportsmen Members <$together>"; $to = "Vegas D Sports <tpatterson@cheezyfries.net>"; $subject = "Solon Sportsmen Newsletter {$month} {$year}"; $message = "<html><body><table> <tr> <td valign='top' align='left' width='348'>{$left}</td> <td valign='top' align='left' width='348'>{$right}</td> </tr> </table> </body> </html> "; $name = "Solon Sportsmen"; $from = "NOREPLY@solonsportsmen.org"; $headers = "From: ". $name . " <" . $from . ">\r\n"; $headers .= "Content-Type: text/html; charset=\"iso-8859-1\""; $headers .= "Content-Transfer-Encoding: 7bit"; $headers .= 'Cc: tracey@hxcteam.com' . "\r\n"; // now lets send the email. mail($to, $subject, $message, $headers); } [/code Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.