grk101 Posted March 18, 2008 Share Posted March 18, 2008 Hello, I have a few drop downs, but when the script passed it sent a few extra items with certain selections. this is the form <form id="form1" name="form1" method="post" action="send.php"> <table> <tr> <td align="right"><label for ="name"> Name: </label></td> <td><input type="text" name="name" /></td> </tr> <tr> <td align="right"><label for = "eqpType"> Equipment Type: </label></td> <td><select name = "eqpType"> <option>None</option> <option>Tent</option> <option>Tent & Trailer</option> <option>Camper/Trailer < 20'</option> <option>Camper/Trailer > 20'</option> </select></td> </tr> <tr> <td valign="top" align="right"><label for = "comments"> Comments/Questions: </label></td> <td><textarea rows="5" cols="20" name="comments" wrap="physical"></textarea> <br /></td> </tr> <tr> <td><p align="right"> Security Code:<br /> <img src="CaptchaSecurityImages.php" /> </p></td> <td><input id="security_code" name="security_code" type="text" /></td> </tr> <tr> <td colspan="2" align="center"><input name="submit" type="submit" value="Send" /> <input name="reset" type="reset" /></td> </tr> <tr> <td align="center"><br /> <a href="" onclick="newcode(); return false;">Click Here</a> for a new code.<br /> <br /> </td> <td></td> </tr> </table> </form> and this is the script <?php session_start(); if(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ) { @$ip= $_SERVER['REMOTE_ADDR']; ; @$name = addslashes($_POST['name']); @$eqpType = addslashes($_POST['eqpType']); @$comments = addslashes($_POST['comments']); @$date = date ('m/d/y'); @$time = time('g.i:s.a', time()); // Validation if (strlen($name) == 0 ) { die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid name</font></p>"); } //Sending Email to form owner $subject = "tech support"; $to = "test@test.com"; $message = "Visitor's IP: $ip\n" . "Date: $date\n" . "Time: $time\n" . "Equipment Type: $eqpType\n" . "comments: $comments\n"; @mail($to, $subject ,$message ) ; //saving record in a text file $file_name = "test.csv"; $first_raw = "name,eqpType,comments,date,time\r\n"; $values = "$name,$eqpType,$comments,$date,$time "."\r\n"; $is_first_row = false; if(!file_exists($file_name)) { $is_first_row = true ; } if (!$handle = fopen($file_name, 'a+')) { die("Cannot open file ($file_name)"); exit; } if ($is_first_row) { if (fwrite($handle, $first_raw ) === FALSE) { die("Cannot write to file ($filename)"); exit; } } if (fwrite($handle, $values) === FALSE) { die("Cannot write to file ($filename)"); exit; } fclose($handle); echo("<p align='center'><font face='Arial' size='2' color='#000000'>thank you</font></p>"); unset($_SESSION['security_code']); } else { header( "Location: error.html" ); } when the form comes through i get the following: Equipment Type: Camper/Trailer < 20\\\' the extra \\\\ any help would be appreciated. Quote Link to comment Share on other sites More sharing options...
Cep Posted March 18, 2008 Share Posted March 18, 2008 Its because your using addslashes, I have to question why you are using addslashes. Quote Link to comment Share on other sites More sharing options...
berridgeab Posted March 18, 2008 Share Posted March 18, 2008 Its because your using addslashes, I have to question why you are using addslashes. He likes Horror movies......... Quote Link to comment Share on other sites More sharing options...
grk101 Posted March 18, 2008 Author Share Posted March 18, 2008 Its because your using addslashes, I have to question why you are using addslashes. well I did a test and removed them, and the same thing was happening, my friend helped me with a portio of this ( he probably got it online somewhere) but anyway , even when i remove them, the \\\ comes thorugh, I believe though it's because the data option is 20' in that specific value? Quote Link to comment Share on other sites More sharing options...
Cep Posted March 18, 2008 Share Posted March 18, 2008 That is partially true, the quote is being escaped with slashes but would be done so by using addslashes function. Do not use addslashes for validation, it is bad. Use htmlentities if you want to escape all html entity types, for an overhead save you should use htmlspecialchars but you would need to specify the charset your going to use and I feel this may be a topic beyond the scope of this post. Quote Link to comment Share on other sites More sharing options...
grk101 Posted March 18, 2008 Author Share Posted March 18, 2008 hmm the weird this is, i tried out this one guys script at myphpscripts.net which just emails anything it sees, and the \\\\ didn't appear I am not the best at php programming so that is why i came here for some help sorry guys i m still a tad lost. Quote Link to comment Share on other sites More sharing options...
Cep Posted March 18, 2008 Share Posted March 18, 2008 You say the script works on this other guys server but not on yours? You have not got magic_quotes_gpc turned on in your php.ini file have you? Quote Link to comment Share on other sites More sharing options...
grk101 Posted March 18, 2008 Author Share Posted March 18, 2008 well what i just did was remove.. the addslashes and put down stripslahses and now it works but i got an issue here it keeps posting my hosting info, instead of saying the persons email received from. so when i hit reply it replies to the person email. and not the webhost@cp4. do you happen to know how i can fix that? Quote Link to comment Share on other sites More sharing options...
grk101 Posted March 18, 2008 Author Share Posted March 18, 2008 no matter what i try , i can't figure it out I put header: :From: " but it still shows from whatever hosting it is. Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted March 18, 2008 Share Posted March 18, 2008 I put header: :From: " but it still shows from whatever hosting it is. that's incorrect syntax, or did you just type it wrong? Quote Link to comment Share on other sites More sharing options...
grk101 Posted March 19, 2008 Author Share Posted March 19, 2008 i typed it wrong, i was just giving an example of what i tried. I'd like the reply email to be the email of the user right away, instead of saying my hosting info on behalf of whatever. i can't figure it out Quote Link to comment Share on other sites More sharing options...
jeremyphphaven Posted March 19, 2008 Share Posted March 19, 2008 so dood, peep this. VERY FIRST THING to put into your serving php file... <?php set_magic_quotes_runtime(0); Line 1 and line 2... do this in all your php files on YOUR server... it turns off the server auto-adding the slashes upon http posting. Then you won't have to worry about using stripslashes(). addslashes() are necessary before storing into a database... that's the only time I've ever used it. Quote Link to comment Share on other sites More sharing options...
grk101 Posted March 19, 2008 Author Share Posted March 19, 2008 you know anything about the headers or the reply email being my hosting service? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.