monkeybidz Posted March 2, 2008 Share Posted March 2, 2008 I am using a script that I made myself to sends an email when users ask a question or respond to one. It also inserts to Mysql OK. When the message includes a quote or double quote it inserts OK to database, but cuts the message off at first ' or " in email. I was just wondering if I should use: strip_tags($_POST[newmessage]) or strip_tags(Filter($_POST[newmessage])) in the following code. <?php if($_POST['original_question'] =='yes' && $_POST['newmessage'] !="") { $query = "SELECT email FROM PHPAUCTIONXL_users WHERE nick='$user_nick'"; $result =mysql_query($query) or die (mysql_error()); $record = mysql_fetch_assoc($result); $email_connecta = $record['email']; $today1 = date("F j, Y, g:i a"); mail ($email_connecta, 'Question About Your Job Listing', "USER: $_SESSION[phpAUCTION_LOGGED_IN_USERNAME] has posted a question for you about: JOB: ".$_SESSION['CURRENTAUCTIONTITLE']." POSTED DATE: ".$today1." MESSAGE OR QUESTION: ".$_POST['newmessage']." To respond to this message, please login to your account and go to the jobs page or if you are already logged-in, simply follow this link: http://www.mysite.com/auction/item.php?id=".$_SESSION["CURRENT_ITEM"], 'From: [email protected]'); } ?> Link to comment https://forums.phpfreaks.com/topic/93990-mail-character-stripping-problem/ Share on other sites More sharing options...
helraizer Posted March 2, 2008 Share Posted March 2, 2008 if the message is sent to the email use htmlspecialchars($_POST['newmessage']); Which will convert " to "e; which will still look like " in the email but won't break it in the html. That, or in the php code you use to write the message with the ' or " use \' or \" which should escape them. Sam Link to comment https://forums.phpfreaks.com/topic/93990-mail-character-stripping-problem/#findComment-481557 Share on other sites More sharing options...
monkeybidz Posted March 2, 2008 Author Share Posted March 2, 2008 I will give it try. Thanks. Link to comment https://forums.phpfreaks.com/topic/93990-mail-character-stripping-problem/#findComment-481571 Share on other sites More sharing options...
monkeybidz Posted March 8, 2008 Author Share Posted March 8, 2008 if the message is sent to the email use htmlspecialchars($_POST['newmessage']); Which will convert " to "e; which will still look like " in the email but won't break it in the html. That, or in the php code you use to write the message with the ' or " use \' or \" which should escape them. Sam This option did the job since the message may vary depending on the posters text. I had tried using it in php first, but when the poster sets the message, it may sometimes require special characters. Thanks a bunch!!!!! Link to comment https://forums.phpfreaks.com/topic/93990-mail-character-stripping-problem/#findComment-486754 Share on other sites More sharing options...
helraizer Posted March 8, 2008 Share Posted March 8, 2008 No problem, glad I could help. if the user posts "><marquee>, wherever that message is posted on the site would start scrolling accross the page because in the source it will be literally that "><marquee>.. so with htmlspecialchars it will convert it to the character codes so it will be "><marquee> which will show on the page as "><marquee> but will not have any adverse effect. Sam Link to comment https://forums.phpfreaks.com/topic/93990-mail-character-stripping-problem/#findComment-486838 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.