Jump to content

[SOLVED] mail() function escapes data?


soycharliente

Recommended Posts

I've been trying to send mail without the content being escaped. i've tried using mysql_real_escape_string, stripslahes, combination of both, and a few other suggestions from other sites on-lines. I looked through the manual and it didn't really say if it gets escaped upon sending.

 

Can anyone help me send a subject and body that isn't escaped?

Link to comment
Share on other sites

hackerkts' regular expressions remove any non-alpha numeric characters from the string, covering up the symptoms.

 

Assuming your mail parameters are assigned to variables, check to see if they are escaped before they hit the mail function. If so, fix the escape-age the occurs before the mail() call. Your string may also look escaped, because it has been escaped twice,

string ' the user\\'s ' renders as ' the user\'s '

 

//are these escaped first? If so, the problem isn't in mail().
echo $to  . "<br />\n";  // escaped?
echo $subject  . "<br />\n";  // escaped?
echo $body  . "<br />\n";  // escaped?
echo $headers  . "<br />\n";  // escaped?

//the mail call
// mail($to,$subject,$body,$headers);

 

*edit _ spelling ~!b

Link to comment
Share on other sites

It does echo escaped data.

 

Do you see the problem?

<?php
function myEscape($string) {
dbconnect();
$new = get_magic_quotes_gpc() ? stripslashes($string) : $string;
$safe = mysql_real_escape_string($new);
return $safe;
}

if (isset($_POST["info_submit"])) {
foreach ($_POST as $key => $val) {
      $_POST[$key] = myEscape($val);
}
$name = trim($_POST["info_name"]);
$status = $_POST["info_status"];
$address = $_POST["info_address"];
$citystatezip = $_POST["info_citystatezip"];
$phone = $_POST["info_phone"];
$email = $_POST["info_email"];
$interests = $_POST["info_interests"];
$legacy = $_POST["info_legacy"];
$error_p = preg_match("/^[0-9]{3}-[0-9]{3}-[0-9]{4}$/", $phone) ? FALSE : TRUE;
$error_e = preg_match("/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*(([,]|[, ])\s*\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*)*$/", $email) ? FALSE : TRUE;
$error_n = empty($name) ? TRUE : FALSE;
$error_s = preg_match("/^[1-5]/", $status) ? FALSE : TRUE;
if (!($error_p|$error_e|$error_n|$error_s)) {
	$to = "your.mother.lol@gmail.com";
	$subject = "I filled out the information card.";
	$msg = "<html>
		<head>
		<title>Information Card Date</title>
		</head>
		<body>
		<p>Name: $name</p>
		<p>Status: $status</p>
		<p>Address: $address, $citystatezip</p>
		<p>Phone: $phone</p>
		<p>E-mail: $email</p>
		<p>Interests: $interests</p>
		<p>Relatives: $legacy</p>
		</body>
		</html>";
	$msg = wordwrap($msg, 70);
	$headers  = "MIME-Version: 1.0\r\n";
	$headers .= "Content-type: text/html; charset=utf-8\r\n";
	$headers .= "From: " . $name . "<" . $email . ">\r\n";
	echo $to  . "<br />\n";  // escaped?
	echo $subject  . "<br />\n";  // escaped?
	echo $msg  . "<br />\n";  // escaped?
	echo $headers  . "<br />\n";  // escaped?
	// SEND THE EMAIL
	ini_set(sendmail_from, $email);
	mail($to, $subject, $msg, $headers);
	ini_restore(sendmail_from);
	$formsent = TRUE;
}
}
?>

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.