0

I've made a email script that sends the users information that was filled out in our forms. But we noticed that when we send any information using " or ' that it adds a \' or \" to the email. Now I understand that PHP requires \'s to keep it from breaking prematurely but is there any way around this?

Here's an Example of my issue... Daugherty\'s Contruction

   //SEND EMAIL TO name@website.com
    $to      = "name@website.com";
    $subject = "Sending Company Name - Receipt " . $_POST['company'];
    $header = "From: name@website.com" . "\r\n";
    $header .= "Reply-To: " . $_POST['email'] . "\r\n";
    $header .= "MIME-Version: 1.0" . "\r\n";
    $header .= "Content-type: text/html;charset=iso-8859-1" . "\r\n";
    $message = "<html>
                    <body>
                        <img alt='Logo' src='http://www.website.com/logo.png'/>
                        <h2>
                            Customer Payment
                        </h2>
                        <p><b>Company:          </b>" . $_POST["company"] . "</p>
                        <p><b>Name:             </b>" . $_POST['first_name'] . " " . $_POST['last_name'] . "</p>
                        <p><b>Email:            </b>" . $_POST['email'] . "</p>
                        <p><b>Phone:            </b>" . $_POST['phone'] . "</p>
                        <p><b>Location:         </b>" . $_POST['city'] . ", " . $_POST['state'] . " " . $_POST['zip'] . "</p>
                        <p><b>Date:             </b>" . $today = date('F j, Y - g:i A (T)') . "</p>
                        <p><b>Card Used:        </b> XXXX-XXXX-XXXX-" . $last4 . "</p>
                        <p><b>Payment Amount:   </b>$" . $_POST['price'] . "</p>
                        <br/>
                        <p>http://www.website.com/payment</p>
                    </body>
                </html>";
    mail($to, $subject, $message, $header);
4

2 回答 2

1

正如其他人所评论的那样,因为您启用了魔术引号。您应该禁用它,或者您可以处理您的输入以解决问题,例如。

<?php 
function fix_magic_quotes_gpc(&$value, $key){
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
        $key   = stripslashes($key);
    }
}
$inputs = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
array_walk_recursive($inputs, 'fix_magic_quotes_gpc');
?>
于 2013-05-09T20:07:28.770 回答
0

我知道两种方法:1)禁用魔术行情

if (get_magic_quotes_gpc()) {
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
while (list($key, $val) = each($process)) {
    foreach ($val as $k => $v) {
        unset($process[$key][$k]);
        if (is_array($v)) {
            $process[$key][stripslashes($k)] = $v;
            $process[] = &$process[$key][stripslashes($k)];
        } else {
            $process[$key][stripslashes($k)] = stripslashes($v);
        }
    }
}
unset($process);
}

2)使用html实体:可以使用" 或“ 对于 " 和 ' 或 ‘对于 ' 。

于 2013-05-09T20:07:24.090 回答