3

Possible Duplicate:
Correctly encode characters in a PHP mail form (“I'm” turns to be “I\'m”)

I'm sending an email over PHP and the text arrives with a slash right before the quotation mark:

I'm becomes I\'m

My PHP:

$text_message = $_POST["mymessage"];       


$message="--PHP-mixed-$bound_text\r\n"      
            ."Content-Type: text/plain; charset=\"utf-8\"\r\n"
 ."Content-Transfer-Encoding: 7bit\r\n\r\n" 
       ."$text_message\r\n\r\n" 
    ."--PHP-mixed-$bound_text\r\n"  
            ."Content-Transfer-Encoding: base64\r\n"
            ."Content-Disposition: attachment; filename=\"$attachment\"\r\n"
."Content-Type: image/jpeg; name=\"$attachment\"\r\n\r\n"
 .chunk_split($file)
        ."\r\n\r\n"
            ."--PHP-mixed-$bound_text--\r\n\r\n";
}

How to get it send without receiving an extra slash? Thanks. Uli

Community
  • 1
  • 1
Uli
  • 2,625
  • 10
  • 46
  • 71

3 Answers3

4

This is caused by PHP's magic quotes which are deprecated but, unfortunately, still enabled by default. In most cases you can disable the feature through a .htaccess file or even through the webhoster's control panel.

If that's not possible, it's safest to check if magic quotes are enabled through get_magic_quotes_gpc() before blindly using stripslashes(). To unescape all $_POST[] variables, use:

if (get_magic_quotes_gpc()) {
    foreach($_POST as $k => $v) {
       $_POST[$k] = stripslashes($v);
    }
}
praseodym
  • 2,134
  • 15
  • 29
2

You should check for magic_quotes within your php.ini file, its most likely on, You can always check for this option within php and handle the string accordingly

if (get_magic_quotes_gpc()){
   $text_message = stripslashes($_POST["mymessage"]);
}else{
   $text_message = $_POST["mymessage"];
}

Also instead of using \r\n you should use PHP_EOL then its compatible with all operating systems: eg the \r is not required for linux

Lawrence Cherone
  • 46,049
  • 7
  • 62
  • 106
  • cheerfully withdrawn. Although, as it is a better answer than mine, I feel it deserves the upvotes in order to outscore me. – SimonMayer Feb 29 '12 at 23:29
1

I suspect it's down to $_POST["mymessage"]. What do you get if you echo $_POST["mymessage"] to screen?

Some webhosts will deliberately addslashes() to data received by $_POST, $_GET, etc. as a basic protection against SQL injection.

If that is being done, you should be able to do stripslashes($_POST["mymessage"])

SimonMayer
  • 4,719
  • 4
  • 33
  • 45