irfandayan Posted July 18, 2012 Share Posted July 18, 2012 I have mail function which gets mail message from a textarea. But whenever there is apostrophes and new line it show it like below. Example Output: Comments: You\\'re mailing address was wrong. Couldn\\'t you provide an other? Survey Answers: item : You\\'re making it well. Isn\\'t it?\nitem2 : It\\'d better to have a cup of tea?\n 1) There are three slashes added along with apostrophes. Is it likely something to do with magic escaping? is the stripslashes function the better option to remove it? 2) New line converted to \r\n. The issue is the \r\n might be a windows artifact. On a Linux server it might be \n only. Is it would be enough to use str_replace('\r\n', "\n", $message); ? Then str_replace("\n", " ", $message); ? Quote Link to comment https://forums.phpfreaks.com/topic/265888-how-to-properly-handle-apostrophes-rn-in-mail-function/ Share on other sites More sharing options...
lordshoa Posted July 18, 2012 Share Posted July 18, 2012 You could do both str_replace or stripslashes $message = str_replace("\\'", "'", $message); $message = str_replace('\r\n', " ", $message); $message = str_replace('\r', " ", $message); Quote Link to comment https://forums.phpfreaks.com/topic/265888-how-to-properly-handle-apostrophes-rn-in-mail-function/#findComment-1362395 Share on other sites More sharing options...
DavidAM Posted July 18, 2012 Share Posted July 18, 2012 We may need to see some code. If "magic quotes" is on, you will get a single back-slash before certain special characters. The preferred solution to this is to turn magic quotes off. If you can't turn it off, you need to call stripslashes. function cleanupPost($paInput) { if ( (function_exists('get_magic_quotes_gpc')) and (get_magic_quotes_gpc()) ) return stripslashes($paInput); else return $paInput; } $msgBody = cleanupPost($_POST['message']); You need to test for the existence of the function, because I hear magic quotes will go away completely in the next major release of PHP, and without that test, the code would break when the function no longer exists. If you are seeing multiple back-slashes in the input, it may be because The form was POSTed and your script decided the data was incomplete, so you sent the form again, with the data from the POST. If magic quotes is on, each POST will add the back-slashes, and if you don't stripslashes before sending it back, they will just keep getting added. Or it could be from other processing in your script. If you are using addslashes or mysql_real_escape_string, or any other escaping function to process the mail message, STOP. You do not need to escape the data for a PLAIN-TEXT mail message, and you would use htmlspecialchars for an HTML mail message. If you show the code where you are processing your textarea, we may be able to provide more insight. Right now, we are all just guessing. @lordshoa: Just FYI -- I am not recommending str_replace as a solution here, there may be other things escaped besides the single-quote. However, if it is needed for the \r\n issue, you can do that in a single call using an array: $message = str_replace(array('\r\n', '\r', '\n'), "\n", message); Note the order (inside the array) and the quoting (single vs double) is important in that particular piece of code. Quote Link to comment https://forums.phpfreaks.com/topic/265888-how-to-properly-handle-apostrophes-rn-in-mail-function/#findComment-1362410 Share on other sites More sharing options...
sqlnoob Posted July 18, 2012 Share Posted July 18, 2012 I had the same problem with the filter. Whenever users wanted to post a message with an apostrophe in it, it would just go blank. Here is how I solved it. $filtermessage = $_POST["messagetext"]; $rawmessage = str_replace("'","\'",$filtermessage); filter_var($rawmessage, FILTER_SANITIZE_STRING); Quote Link to comment https://forums.phpfreaks.com/topic/265888-how-to-properly-handle-apostrophes-rn-in-mail-function/#findComment-1362414 Share on other sites More sharing options...
irfandayan Posted July 19, 2012 Author Share Posted July 19, 2012 Hi DavidAM, Thanks for such a great help. I really appreciate your explanation. 1) I have one other question, my magic quotes always return FALSE on PHP Version 5.3.1 but my $_POST always get a single back-slash before certain special characters. why this happening? How can i detect that my $_POST getting slashes other than magic quotes? And when i escape my $_POST values individually it again gets second slashes. Can you please help this regards for best solution? 2) how can i strip all slashes at once. Suppose i have too many slashes in string and i want to strip all at once. The function stripslashes remove only two slashes and some case i have to call stripslashes multiple times like $message = stripslashes(stripslashes($message));? Thanks in advance for such a great support. Quote Link to comment https://forums.phpfreaks.com/topic/265888-how-to-properly-handle-apostrophes-rn-in-mail-function/#findComment-1362647 Share on other sites More sharing options...
DavidAM Posted July 19, 2012 Share Posted July 19, 2012 There are two magic quotes settings: magic quotes gpc - Affects $_GET, $_POST, and $_COOKIE as well as $_FILES magic quotes runtime - Affects File and Database reads When you say "my magic quotes always return FALSE" which one are you looking at? and how did you look? I don't know any other way that the backslashes would get in there unless you have a function somewhere that is escaping the data. If this script is running in some third-party environment, i.e. Wordpress, etc, there may be something going on there. First, check phpinfo to see what value you are running with Then check any .htaccess files that may be involved for any php directives that might be including files or changing settings Then, create a simple php script to test: <?php if (isset($_POST)) { printf('<PRE>%s</PRE>', htmlspecialchars(print_r($_POST, true))); } $txtLine = (isset($_POST['txtLine']) ? $_POST['txtLine'] : ''); $txtArea =(isset($_POST['txtArea']) ? $_POST['txtArea'] : ''); ?> <HTML> <HEAD><TITLE>Test POST</TITLE></HEAD> <BODY> <FORM action="" method="POST"> <INPUT name="txtLine" value="<?php echo $txtLine;?>"><BR> <TEXTAREA name="txtArea"><?php echo htmlspecialchars($txtArea);?></TEXTAREA><BR> <INPUT type="submit" name="submit" value="Submit"> </FORM> </BODY> </HTML> Navigate to this new test page and type something in both text fields. Be sure to include a single-quote and a backslash in one or both of them. Also, hit enter once or twice in the textarea. Then submit the form. You should see the results in the browser. Are there backslashes shown there? Are there backslashes in the fields themselves after you POST? If this simple script produces the correct output (i.e. no backslashes that you did not type yourself), then there is something in your problem script that is escaping the data. You will need to check the script for any processing of the $_POST array. You will need to check any functions that process that array. You will need to check every file that is included by your script to see if any of them are affecting $_POST. You also need to check any auto-prepend-file that is listed in the phpinfo() results. My next step would be to add that printf statement from the code above, early in my script, perhaps followed by a die call. And keep moving the statement up or down in the script until I find out where the backslashes are being inserted. Most likely, if magic-quotes-gpc is indeed off, you will find a call to addslashes, addcslashes, mysql_real_escape_string, or one of the other database escaping functions somewhere in the script or an include file. 2) While I do not recommend this, to remove all of the back-slashes from a string, regardless of the number of them, you need to use a regular expression. I'm not very good with RegExp when back-slashes are involved, but I think it would be $msg = preg_replace('~\\+~', '', $msg);. Warning: If you use this method instead of finding and fixing the cause of the problem, you will be discarding user supplied data. If the user typed a back-slash in the message, you will be deleting it with the above statement. Quote Link to comment https://forums.phpfreaks.com/topic/265888-how-to-properly-handle-apostrophes-rn-in-mail-function/#findComment-1362711 Share on other sites More sharing options...
irfandayan Posted July 20, 2012 Author Share Posted July 20, 2012 I was looking for magic quotes via get_magic_quotes_gpc() function. Yes, your guess is right, i am running a plugin on WordPress. I run your script and it doesn't add any back slashes and i looked into my php.ini file and found magic_quotes_gpc = Off ; magic_quotes_runtime = Off; your script produces correct output. Now it is clear that my magic quotes are off but i think there seems something involve with WordPress which escapes my $_POST within my plugin script. I have the similar problem like: http://stackoverflow.com/questions/8949768/with-magic-quotes-disabled-why-does-php-wordpress-continue-to-auto-escape-my Thanks Quote Link to comment https://forums.phpfreaks.com/topic/265888-how-to-properly-handle-apostrophes-rn-in-mail-function/#findComment-1362955 Share on other sites More sharing options...
darkfreaks Posted July 20, 2012 Share Posted July 20, 2012 http://codex.wordpress.org/Function_Reference/esc_attr i think this is your best option it will encode the quotes and return them as html entities Quote Link to comment https://forums.phpfreaks.com/topic/265888-how-to-properly-handle-apostrophes-rn-in-mail-function/#findComment-1362956 Share on other sites More sharing options...
DavidAM Posted July 20, 2012 Share Posted July 20, 2012 @darkfreaks - the OP is not trying to display the characters, he is trying to get rid of them. @irfandayan - did you try the solution offered in that question you linked ? $_POST = array_map('stripslashes_deep', $_POST); Since other processes are involved, changing the super global may not be the best answer. Check the WP API documentation. Is there a WP function for retrieving the GET, POST, etc data? If they are messing with it by adding slashes, then they should be providing a way to get it without the slashes. You have not posted your code, so I can't offer a definitive solution. But you could just run stripslashes() on the data when you retrieve it $message = stripslashes($_POST['message']); // or better yet $myPOST = stripslashes_deep($_POST); // then ... $message = $myPOST['message']; If you are getting the doubled-up backslashes in the data the first time you retrieve it, then there may be another plug-in that is messing it up. You could disable your plug-in's one by one until the problem goes away. Then look for updates for the one that was causing the problem. The fact is, any "solution" you come up with that will make your script work, could either cause problems for other scripts/plugins in WP or stop working when WP or other plugins are updated or you remove a plugin (which happens to be the one screwing up the data). Quote Link to comment https://forums.phpfreaks.com/topic/265888-how-to-properly-handle-apostrophes-rn-in-mail-function/#findComment-1363043 Share on other sites More sharing options...
irfandayan Posted July 23, 2012 Author Share Posted July 23, 2012 @DavidAM - The only solution to my problem seems to stripslashes and it almost works for me. I have managed it to work for me. Really appreciate your great concern on my issue. Thanks Quote Link to comment https://forums.phpfreaks.com/topic/265888-how-to-properly-handle-apostrophes-rn-in-mail-function/#findComment-1363620 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.