soycharliente Posted July 7, 2007 Share Posted July 7, 2007 I've been trying to send mail without the content being escaped. i've tried using mysql_real_escape_string, stripslahes, combination of both, and a few other suggestions from other sites on-lines. I looked through the manual and it didn't really say if it gets escaped upon sending. Can anyone help me send a subject and body that isn't escaped? Quote Link to comment Share on other sites More sharing options...
hackerkts Posted July 7, 2007 Share Posted July 7, 2007 How about trying this ereg_replace("[^a-zA-Z0-9]", "", $subject) ereg_replace("[^a-zA-Z0-9]", "", $body) Quote Link to comment Share on other sites More sharing options...
soycharliente Posted July 7, 2007 Author Share Posted July 7, 2007 What does that do? Quote Link to comment Share on other sites More sharing options...
soycharliente Posted July 7, 2007 Author Share Posted July 7, 2007 Didn't work. That only allowed letters and numbers to go through. All the spaces where eliminated and since it was an HTML based e-mail, all the <s were removed as well. Quote Link to comment Share on other sites More sharing options...
bibby Posted July 7, 2007 Share Posted July 7, 2007 hackerkts' regular expressions remove any non-alpha numeric characters from the string, covering up the symptoms. Assuming your mail parameters are assigned to variables, check to see if they are escaped before they hit the mail function. If so, fix the escape-age the occurs before the mail() call. Your string may also look escaped, because it has been escaped twice, string ' the user\\'s ' renders as ' the user\'s ' //are these escaped first? If so, the problem isn't in mail(). echo $to . "<br />\n"; // escaped? echo $subject . "<br />\n"; // escaped? echo $body . "<br />\n"; // escaped? echo $headers . "<br />\n"; // escaped? //the mail call // mail($to,$subject,$body,$headers); *edit _ spelling ~!b Quote Link to comment Share on other sites More sharing options...
soycharliente Posted July 7, 2007 Author Share Posted July 7, 2007 It does echo escaped data. Do you see the problem? <?php function myEscape($string) { dbconnect(); $new = get_magic_quotes_gpc() ? stripslashes($string) : $string; $safe = mysql_real_escape_string($new); return $safe; } if (isset($_POST["info_submit"])) { foreach ($_POST as $key => $val) { $_POST[$key] = myEscape($val); } $name = trim($_POST["info_name"]); $status = $_POST["info_status"]; $address = $_POST["info_address"]; $citystatezip = $_POST["info_citystatezip"]; $phone = $_POST["info_phone"]; $email = $_POST["info_email"]; $interests = $_POST["info_interests"]; $legacy = $_POST["info_legacy"]; $error_p = preg_match("/^[0-9]{3}-[0-9]{3}-[0-9]{4}$/", $phone) ? FALSE : TRUE; $error_e = preg_match("/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*(([,]|[, ])\s*\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*)*$/", $email) ? FALSE : TRUE; $error_n = empty($name) ? TRUE : FALSE; $error_s = preg_match("/^[1-5]/", $status) ? FALSE : TRUE; if (!($error_p|$error_e|$error_n|$error_s)) { $to = "your.mother.lol@gmail.com"; $subject = "I filled out the information card."; $msg = "<html> <head> <title>Information Card Date</title> </head> <body> <p>Name: $name</p> <p>Status: $status</p> <p>Address: $address, $citystatezip</p> <p>Phone: $phone</p> <p>E-mail: $email</p> <p>Interests: $interests</p> <p>Relatives: $legacy</p> </body> </html>"; $msg = wordwrap($msg, 70); $headers = "MIME-Version: 1.0\r\n"; $headers .= "Content-type: text/html; charset=utf-8\r\n"; $headers .= "From: " . $name . "<" . $email . ">\r\n"; echo $to . "<br />\n"; // escaped? echo $subject . "<br />\n"; // escaped? echo $msg . "<br />\n"; // escaped? echo $headers . "<br />\n"; // escaped? // SEND THE EMAIL ini_set(sendmail_from, $email); mail($to, $subject, $msg, $headers); ini_restore(sendmail_from); $formsent = TRUE; } } ?> Quote Link to comment Share on other sites More sharing options...
bibby Posted July 7, 2007 Share Posted July 7, 2007 um, yah dood! It's the great big escape function you're using. Don't do that. mysql_real_escape_string is for formatting MySQL queries. Cut this line $_POST[$key] = myEscape($val); Quote Link to comment Share on other sites More sharing options...
soycharliente Posted July 8, 2007 Author Share Posted July 8, 2007 Then can someone please tell me how to escape some data? I cannot do it. Quote Link to comment Share on other sites More sharing options...
soycharliente Posted July 9, 2007 Author Share Posted July 9, 2007 *bump* Quote Link to comment Share on other sites More sharing options...
teng84 Posted July 9, 2007 Share Posted July 9, 2007 im not quite sure bout your question but isnt it the escape character is \ and ok give us some string or char to be escape Quote Link to comment Share on other sites More sharing options...
soycharliente Posted July 9, 2007 Author Share Posted July 9, 2007 How do you escape data period? If you look down the thread, apparently the way I'm doing it doesn't work (someone said). I want to escape data being posted for e-mail. Quote Link to comment Share on other sites More sharing options...
teng84 Posted July 9, 2007 Share Posted July 9, 2007 How do you escape data period? \ escape character now to escape the escape character you may want to use this \\\ does it make sense Quote Link to comment Share on other sites More sharing options...
soycharliente Posted July 9, 2007 Author Share Posted July 9, 2007 I think I misspoke. The data is being escaped and I do not want it to be so. How do I get rid of all the slashes? Look down the thread at my previous posts. Quote Link to comment Share on other sites More sharing options...
hackerkts Posted July 9, 2007 Share Posted July 9, 2007 Hmm.. Is stripslashes() you are looking for? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.