Jump to content

Recommended Posts

I enter information for our newsletter.

I click submit for it to go into the database, then it emails all of the members automatically.

 

The problem I'm having is with " and ' showing up properly in the email

 

To enter the information, I have this

$left1 = mysql_escape_string($_POST['content_left']);
$right1 = mysql_escape_string($_POST['content_right']);

 

Then, to display it properly in the email, I have this

$left = nl2br($left1);
$right = nl2br($right1);

 

When it shows in the email, it does this

SOLON SPORTSMEN\\\\\\\'S ASSOCIATION

 

And if these is a " in the email, it stops right there and don't show the rest of the message.

 

How can fix this to display properly?

 

Thanks in advance

Link to comment
https://forums.phpfreaks.com/topic/140063-solved-proper-way-to-display-with-nl2nr/
Share on other sites

you are escaping your data too many times before putting it in the database

 

-check to make sure magic_quotes is off: http://us.php.net/manual/en/security.magicquotes.disabling.php

-make sure you are only using mysql_real_escape_string() once

-make sure there are no other functions like addslashes() being run on the POST values

Check to see if magic_quotes are turned on, if so you need stripslashes on the post data before running mysql_escape_string, and I think you should be using mysql_real_escape_string I think the mysql_escape_string is depreciated.

 

The reason you get the \\\\\\ is from double escaping. You can use this function to test if magic quote are on get_magic_quotes_gpc.

 

Changelog

 

Version Description

5.3.0 This function now throws an E_DEPRECATED notice.

4.3.0 This function became deprecated, do not use this function. Instead, use mysql_real_escape_string().

 

That came from the mysql_escape_string man page.

I ran a script like this

echo get_magic_quotes_gpc();

and it came back 1

 

So, I did this to the code

	$month = $_POST['month'];
	$year = $_POST['year'];
	$left1 = stripslashes(mysql_real_escape_string($_POST['content_left']));
	$right1 = stripslashes(mysql_real_escape_string($_POST['content_right']));

		$sql = "INSERT INTO newsletter(month, year, content_left, content_right) VALUES(
				'$month',
				'$year',
				'$left1',
				'$right1');";
				mysql_query($sql)
				or die("Sorry, there was a problem inserting the newsletter ".mysql_error());

		echo "Newsletter has been inserted<br /><br /><br />";

 

It inserts into the database properly, it's the displaying aspect that's the problem

 

 

And the part that actually sends the email is this

	$month = $_POST['month'];
	$year = $_POST['year'];
	$left1 = stripslashes(mysql_real_escape_string($_POST['content_left']));
	$right1 = stripslashes(mysql_real_escape_string($_POST['content_right']));


//Now send the newsletter to everybody	
$subscriber = $_POST['user'];	
$together = implode(", ", $subscriber);
$today = date("l F j, Y");	

$month = $_POST['month'];
$year = $_POST['year'];
$left = nl2br($left1);
$right = nl2br($right1);

Flip the strip and the escape:

 

      $left1 = mysql_real_escape_string(stripslashes($_POST['content_left']));
      $right1 = mysql_real_escape_string(stripslashes($_POST['content_right']));

 

You want to strip them before escaping or else you run into the same problem.

mysql_real_escape_string should only be for database entries.

 

For emails you just need to remove the initial slashes.

      $left1 = stripslashes($_POST['content_left']);
      $right1 = stripslashes($_POST['content_right']);

 

If, for whatever reason your server doubles up on the slashes you can call that function twice, but it should not be doing this.  Can you post that code that sends the email?

if($_POST['submit']) {
	require("config_news.php");	
	$month = $_POST['month'];
	$year = $_POST['year'];
      $left1 = stripslashes($_POST['content_left']);
      $right1 = stripslashes($_POST['content_right']);


//Now send the newsletter to everybody	
$subscriber = $_POST['user'];	
$together = implode(", ", $subscriber);
$today = date("l F j, Y");	

$month = $_POST['month'];
$year = $_POST['year'];

$left = nl2br($left1);
$right = nl2br($right1);

//define the receiver of the email
//$to = "Solon Sportsmen Members <$together>";
$to = "Vegas D Sports <tpatterson@cheezyfries.net>";
$subject = "Solon Sportsmen Newsletter {$month} {$year}";
$message = " ";
$name = "Solon Sportsmen";
$from = "NOREPLY@solonsportsmen.org";
$headers = "From: ". $name . " <" . $from . ">\r\n";
$headers .= "Content-Type: text/html; charset=\"iso-8859-1\"";
$headers .= "Content-Transfer-Encoding: 7bit";
$headers .= 'Cc: tracey@hxcteam.com' . "\r\n";
// now lets send the email.

mail($to, $subject, $message, $headers); 
}

 

That is the code that sends out the email

I'm sorry, here it is

 

   if($_POST['submit']) {
      require("config_news.php");   
      $month = $_POST['month'];
      $year = $_POST['year'];
      $left1 = stripslashes($_POST['content_left']);
      $right1 = stripslashes($_POST['content_right']);
         
         
//Now send the newsletter to everybody   
$subscriber = $_POST['user'];   
$together = implode(", ", $subscriber);
$today = date("l F j, Y");   

$month = $_POST['month'];
$year = $_POST['year'];

$left = nl2br($left1);
$right = nl2br($right1);

//define the receiver of the email
//$to = "Solon Sportsmen Members <$together>";
$to = "Vegas D Sports <tpatterson@cheezyfries.net>";
$subject = "Solon Sportsmen Newsletter {$month} {$year}";
$message = "<html><body><table>
  <tr>
    <td valign='top' align='left' width='348'>{$left}</td>
    <td valign='top' align='left' width='348'>{$right}</td>
  </tr>
</table>
</body>
</html> ";
$name = "Solon Sportsmen";
$from = "NOREPLY@solonsportsmen.org";
$headers = "From: ". $name . " <" . $from . ">\r\n";
$headers .= "Content-Type: text/html; charset=\"iso-8859-1\"";
$headers .= "Content-Transfer-Encoding: 7bit";
$headers .= 'Cc: tracey@hxcteam.com' . "\r\n";
// now lets send the email.

mail($to, $subject, $message, $headers);
}
[/code

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.