monkeybidz Posted March 2, 2008

I am using a script that I made myself to send an email when users ask a question or respond to one. It also inserts into MySQL OK. When the message includes a quote or double quote it inserts OK into the database, but cuts the message off at the first ' or " in the email. I was just wondering if I should use: strip_tags($_POST[newmessage]) or strip_tags(Filter($_POST[newmessage])) in the following code.

<?php
if ($_POST['original_question'] == 'yes' && $_POST['newmessage'] != "") {
    // Look up the e-mail address of the user who owns the listing.
    $query = "SELECT email FROM PHPAUCTIONXL_users WHERE nick='$user_nick'";
    $result = mysql_query($query) or die(mysql_error());
    $record = mysql_fetch_assoc($result);
    $email_connecta = $record['email'];
    $today1 = date("F j, Y, g:i a");

    // Send the notification; the posted message goes into the body as-is.
    mail(
        $email_connecta,
        'Question About Your Job Listing',
        "USER: $_SESSION[phpAUCTION_LOGGED_IN_USERNAME] has posted a question for you about: JOB: "
            . $_SESSION['CURRENTAUCTIONTITLE']
            . " POSTED DATE: " . $today1
            . " MESSAGE OR QUESTION: " . $_POST['newmessage']
            . " To respond to this message, please login to your account and go to the jobs page or if you are already logged-in, simply follow this link: http://www.mysite.com/auction/item.php?id="
            . $_SESSION["CURRENT_ITEM"],
        'From: webmaster@mysite.com'
    );
}
?>
helraizer Posted March 2, 2008

If the message is sent to the email, use htmlspecialchars($_POST['newmessage']); which will convert " to &quot; which will still look like " in the email but won't break it in the HTML. That, or in the PHP code you use to write the message with the ' or ", use \' or \" which should escape them.

Sam
monkeybidz Posted March 2, 2008

I will give it a try. Thanks.
monkeybidz Posted March 8, 2008

> If the message is sent to the email, use htmlspecialchars($_POST['newmessage']); which will convert " to &quot; which will still look like " in the email but won't break it in the HTML. That, or in the PHP code you use to write the message with the ' or ", use \' or \" which should escape them.
>
> Sam

This option did the job since the message may vary depending on the poster's text. I had tried using it in PHP first, but when the poster sets the message, it may sometimes require special characters. Thanks a bunch!!!!!
helraizer Posted March 8, 2008

No problem, glad I could help. If the user posts "><marquee>, wherever that message is posted on the site would start scrolling across the page because in the source it will be literally that "><marquee>. So with htmlspecialchars it will convert it to the character codes, so it will be &quot;&gt;&lt;marquee&gt; which will show on the page as "><marquee> but will not have any adverse effect.

Sam
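The encoding discussed in this thread, as an added example that is not code from any poster: it shows the "><marquee> input breaking out of an HTML attribute when written raw, staying inert when encoded, and why the quote flag matters for '. The helper html_out(), the sample message in $posted and the input-field markup are constructed for illustration.

```php
<?php
// Added example, not from the thread. $posted is a constructed sample
// standing in for $_POST['newmessage'].
$posted = "It's \"urgent\"><marquee>hi";

/**
 * Encode text for HTML element content or a quoted attribute value.
 * html_out() is a hypothetical helper name.
 */
function html_out(string $text): string
{
    // ENT_QUOTES encodes both " and '. ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of making the call return an empty string.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 1. Raw: the first " in the message closes the value attribute, so the
//    field shows a truncated message and <marquee> is parsed as markup.
$raw = '<input type="text" name="newmessage" value="' . $posted . '">';

// 2. Encoded: the whole message stays inside the attribute as text.
$encoded = '<input type="text" name="newmessage" value="'
         . html_out($posted) . '">';

// 3. ENT_COMPAT (the default before PHP 8.1) leaves ' untouched, so a
//    single-quoted attribute is still cut at the apostrophe.
$compat = htmlspecialchars($posted, ENT_COMPAT, 'UTF-8');
$singleQuoted = "<input type='text' name='newmessage' value='" . $compat . "'>";

// Encoding is for output only: decoding returns the original text, so the
// database can keep the unmodified message and each page encodes on display.
$roundTrip = htmlspecialchars_decode(html_out($posted), ENT_QUOTES) === $posted;

echo "raw:           $raw\n";
echo "encoded:       $encoded\n";
echo "single-quoted: $singleQuoted\n";
echo "round trip ok: " . ($roundTrip ? 'yes' : 'no') . "\n";
```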