Jump to content


Photo

Email help


  • Please log in to reply
2 replies to this topic

#1 mattachoo

mattachoo
  • Members
  • PipPip
  • Member
  • 21 posts

Posted 06 May 2006 - 09:49 PM

// multiple recipients
$to  = $_POST['to'];

// subject
$subject = $_POST['subject'];

// message
$message = $_POST['message'];


$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

//from
$from = $_POST['from'];

$headers .= 'From: '.$from. "\r\n";



// Mail it
if (mail($to, $subject, $message, $headers)) {
    echo '<h1>Success</h1>';
} else {
    echo 'Failure';
}


Now, my question is, that whenever I have apostrophes (') in the subject or message, they automatically get slashes (\) added to them. Is there a way that I can turn this off? So when I get the email, the Subject will have an apostrophe without a slash (\) ?



#2 Stuie_b

Stuie_b
  • Members
  • PipPipPip
  • Advanced Member
  • 74 posts
  • LocationNewcastle, UK

Posted 07 May 2006 - 01:21 AM

try the following code

// multiple recipients
$to  = $_POST['to'];

// subject
$subject = stripslashes($_POST['subject']); //Will remove the Slashes added by Magic Quotes and give you a clean subject

// message
$message = $_POST['message'];


$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

//from
$from = $_POST['from'];

$headers .= 'From: '.$from. "\r\n";



// Mail it
if (mail($to, $subject, $message, $headers)) {
    echo '<h1>Success</h1>';
} else {
    echo 'Failure';
}

[!--coloro:#FF0000--][span style=\"color:#FF0000\"][!--/coloro--]Be careful!! Removing Slashes could be a potential security risk, it also doesn't prevent your script from being hijacked by code injection![!--colorc--][/span][!--/colorc--]


hope it helps

Stuie
It's all in the manual :D

#3 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 07 May 2006 - 03:12 PM

If your POSTed data is having there quotes escaped (\" or \') then you PHP setup has magic quotes enabled which escapes quotes automatically for you.

You can temporarly disable magic quotes for your script by adding the following to the top of your php script:
?<?php

if (get_magic_quotes_gpc())
{
    set_magic_quotes_runtime(0);
}

?>
That should temporarly shutdown magic quotes.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users