Jump to content

Mail character stripping problem

monkeybidz

By monkeybidz
in PHP Coding Help

 Share

Recommended Posts

monkeybidz Advanced Member

monkeybidz

Posted
Posted

I am using a script that I made myself to sends an email when users ask a question or respond to one. It also inserts to Mysql OK. When the message includes a quote or double quote it inserts OK to database, but cuts the message off at first ' or " in email. I was just wondering if I should use:

 

strip_tags($_POST[newmessage])

or 

strip_tags(Filter($_POST[newmessage]))

in the following code.

 

<?php

if($_POST['original_question'] =='yes' && $_POST['newmessage'] !="") {

$query = "SELECT email FROM PHPAUCTIONXL_users WHERE nick='$user_nick'";
$result =mysql_query($query) or die (mysql_error());
$record = mysql_fetch_assoc($result);
$email_connecta = $record['email'];

$today1 = date("F j, Y, g:i a");

mail ($email_connecta, 'Question About Your Job Listing', 
"USER: $_SESSION[phpAUCTION_LOGGED_IN_USERNAME] has posted a question for you about:

JOB: ".$_SESSION['CURRENTAUCTIONTITLE']."

POSTED DATE: ".$today1."

MESSAGE OR QUESTION: ".$_POST['newmessage']."


To respond to this message, please login to your account and go to the jobs page or if you are already logged-in, simply follow this link: http://www.mysite.com/auction/item.php?id=".$_SESSION["CURRENT_ITEM"],


'From: webmaster@mysite.com');
}
?>

Link to comment
Share on other sites
helraizer Regular Member

helraizer

Posted
Posted

if the message is sent to the email use

 

htmlspecialchars($_POST['newmessage']);

 

Which will convert " to &quote; which will still look like " in the email but won't break it in the html. That, or in the php code you use to write the message with the ' or " use \' or \" which should escape them.

 

Sam

Link to comment
Share on other sites
monkeybidz Advanced Member

monkeybidz

Posted
  • Author
Posted

if the message is sent to the email use

 

htmlspecialchars($_POST['newmessage']);

 

Which will convert " to &quote; which will still look like " in the email but won't break it in the html. That, or in the php code you use to write the message with the ' or " use \' or \" which should escape them.

 

Sam

 

This option did the job since the message may vary depending on the posters text. I had tried using it in php first, but when the poster sets the message, it may sometimes require special characters.

 

Thanks a bunch!!!!!

Link to comment
Share on other sites
helraizer Regular Member

helraizer

Posted
Posted

No problem, glad I could help.

 

if the user posts "><marquee>, wherever that message is posted on the site would start scrolling accross the page because in the source it will be literally that "><marquee>.. so with htmlspecialchars it will convert it to the character codes so it will be "><marquee> which will show on the page as "><marquee> but will not have any adverse effect.

 

Sam

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.