SMS Text - Escaping html text

[PuaDog]

Aloha,

 

I am using a simple html form and php script to send data to a SMS gateway that I have setup already. Everything works great. I fill out the form, the data is sent and instantly I get a text message on my iphone. Here's the problem. If I use an apostrophe in the message text field I get an error code. I am assuming the html text field needed to be escaped but I tried everything and I still get the error. Any ideas on what to check or do?

 

Here's the php send code (variables coming in from html form fields):

 

 

<?php



if (!empty($_POST)) {
   
    $name = trim($_POST["name"]);
   
$contactnumber = trim($_POST["contactnumber"]);

    $message = trim($_message);


    if (empty($name)) {

        exit("Name cannot be blank.");

    }
   
   if (empty($contactnumber)) {

        exit("Please provide a contact number.");

    }
       
      
   if (empty($message)) {

        exit("Message cannot be blank.");

    }

   $subject = "$name . $contactnumber";


    $strlen_subject = ($subject != "") ? strlen($subject) + 3 : 0;

    $strlen_message = strlen($message);


    $express = $_POST["express"];

    if ($express && ($strlen_subject + $strlen_message > 160)) {

        exit("In case of express delivery, message length should not exceed 160 characters.");

    }

    elseif ($strlen_subject + $strlen_message > 130) {

        exit("In case of standard delivery, message length should not exceed 130 characters.");

    }
      

    $subject = urlencode($subject);
   
   $contactnumber = urlencode($contactnumber);

   $message = urlencode($message);
   

$ch=curl_init('https://app.eztexting.com/api/sending');

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

curl_setopt($ch,CURLOPT_POST,1);
   

curl_setopt($ch,CURLOPT_POSTFIELDS,"user=PuaDog&pass=808cougar&phonenumber=18087211458&subject=$subject&message=$message&express=1");

curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);

$data = curl_exec($ch);


    switch($data) {

        case 1:

         header('location:message_sent.php?message1=1');

            break;

        case -1:

            print("Invalid user or password");

            break;

        case -2:

            print("Credit Limit Reached");

            break;

        case -5:

            print("Local Opt Out");

            break;

        case -7:

            print("Invalid Message");

            break;

        case -104:

            print("Globally Opted Out Phone Number");

            break;

        case -106:

            print("Incorrectly Formatted Phone Number");

            break;

        case -10:

            print("Unknown Error");

            break;

    }

}




?>

 

Mahalo!

Tom

 

MOD Edit:

 . . . 

tags added . . .

[thcx]

Try rawurlencode() instead of urlencode().

 

[Maq]

If I use an apostrophe in the message text field I get an error code.

 

What's the error?

[PuaDog]

Good suggestion on using rawurlencode, but I tried that and it didn't work. The error I am getting is that it is an invalid message. Am I going down the wrong path with the escaping? It seems to me that is the problem since the data goes through fine when I don't use an apostrophe.

 

 

[Pikachu2000]

When in doubt, read the docs.

 

Note: The list of allowed characters for messages and subjects is: a-z, A-Z, 0-9 and these special characters: .,:;!?()~=+-_\/@$#&%

[Maq]

When in doubt, read the docs.

 

Note: The list of allowed characters for messages and subjects is: a-z, A-Z, 0-9 and these special characters: .,:;!?()~=+-_\/@$#&%

 

If this is the case then you're going to have to catch invalid characters before you send them.  There are a few ways to do this.  One is to use regex and let the user know that there are invalid characters.  You could convert them to something valid or you could just strip them out.

[PuaDog]

Okay confirmed that, in fact, those characters are not allowed. Well, at least I got a lot of practice escaping text! Thanks for the replies everyone.

 

Mahalo nui loa,

Tom