Apostrophe encoded as an escape character
23-10-2019
Question
I have a PHP script that grabs data from an HTML form and sends it in an email with SwiftMailer. When a user enters an apostrophe or quotes into an input field (textarea), the email looks something like this:
Form input: Husband's PLD
Email received: Husband\'s PLD
Form input: pld's "snack" "old"
Email received: pld\'s \"snack\" \"old\"
There is some validation and sanitation going on in my script:
if ($_POST['form_message'] != "") {
    $form_message = filter_var($_POST['form_message'], FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
    // Check the sanitized value; the raw $_POST value is already known to be non-empty here.
    if ($form_message == "") {
        $errors .= 'Please enter a valid comment.<br/><br/>';
    }
} else {
    $errors .= 'Please enter your comment.<br/>';
}
Here is the Swiftmailer part:
$message->setBody("Here is the information submitted to
www.polycystic-kidneydisease.com/html/contact_email.php from $ip on $date.\n\n --------------------------------\n\n name: $name \n\n email address: $email \n\n subject: $form_subject \n\n comment: $form_message");
How do I fix it? Thank you!
Solution
Sounds like magic_quotes_gpc is enabled. If you can disable it, you may want to do so; if not, use stripslashes() on the input before doing your filtering.
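One way to apply the stripslashes() step from the answer above, as an added example that is not part of the original post. The helper names (magic_quotes_active, undo_magic_quotes, raw_field) and the sample inputs are assumptions made for illustration; the unescaping runs only when magic_quotes_gpc actually added the backslashes, so genuine backslashes in user input survive.

```php
<?php
// Added example, not from the original post. Helper names are hypothetical.

// True only when the runtime still has magic_quotes_gpc and it is on.
// get_magic_quotes_gpc() always returns false from PHP 5.4 and is gone in
// PHP 8.0, so the call is guarded.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Strip the added backslashes from a string or, recursively, an array field.
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// Return the field as the user typed it. Unescape only when magic quotes
// added the slashes; otherwise a real backslash in the input would be lost.
function raw_field(array $input, $key, $magicQuotes)
{
    if (!isset($input[$key])) {
        return '';
    }
    return $magicQuotes ? undo_magic_quotes($input[$key]) : $input[$key];
}

// Constructed samples: the same kind of field with magic quotes on and off.
$escaped = array('form_message' => 'pld\\\'s \\"snack\\" \\"old\\"');
$plain   = array('form_message' => 'see C:\\temp\\notes');

echo raw_field($escaped, 'form_message', true), "\n";
echo raw_field($plain, 'form_message', false), "\n";

// In the script itself: raw_field($_POST, 'form_message', magic_quotes_active())
// and pass the result to the existing filter_var() call.
```

Calling stripslashes() unconditionally would alter the second sample, which is why the check on the setting comes first.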