Jump to content

Archived

This topic is now archived and is closed to further replies.

mattachoo

Email help

Recommended Posts

[code]
// multiple recipients
$to  = $_POST['to'];

// subject
$subject = $_POST['subject'];

// message
$message = $_POST['message'];


$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

//from
$from = $_POST['from'];

$headers .= 'From: '.$from. "\r\n";



// Mail it
if (mail($to, $subject, $message, $headers)) {
    echo '<h1>Success</h1>';
} else {
    echo 'Failure';
}
[/code]


Now, my question is, that whenever I have apostrophes (') in the subject or message, they automatically get slashes (\) added to them. Is there a way that I can turn this off? So when I get the email, the Subject will have an apostrophe without a slash (\) ?

Share this post


Link to post
Share on other sites
try the following code

[code]// multiple recipients
$to  = $_POST['to'];

// subject
$subject = stripslashes($_POST['subject']); //Will remove the Slashes added by Magic Quotes and give you a clean subject

// message
$message = $_POST['message'];


$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

//from
$from = $_POST['from'];

$headers .= 'From: '.$from. "\r\n";



// Mail it
if (mail($to, $subject, $message, $headers)) {
    echo '<h1>Success</h1>';
} else {
    echo 'Failure';
}[/code]
[b]
[!--coloro:#FF0000--][span style=\"color:#FF0000\"][!--/coloro--]Be careful!! Removing Slashes could be a potential security risk, it also doesn't prevent your script from being hijacked by code injection![!--colorc--][/span][!--/colorc--][/b]

hope it helps

Stuie

Share this post


Link to post
Share on other sites
If your POSTed data is having there quotes escaped (\" or \') then you PHP setup has magic quotes enabled which escapes quotes automatically for you.

You can temporarly disable magic quotes for your script by adding the following to the top of your php script:
[code]?<?php

if (get_magic_quotes_gpc())
{
    set_magic_quotes_runtime(0);
}

?>[/code]
That should temporarly shutdown magic quotes.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.