Question

I have a PHP script that grabs data from an HTML form and sends it in an email with SwiftMailer. When a user enters an apostrophe or quotes into an input field (textarea), the email looks something like this:

Form input: Husband's PLD

Email received: Husband\'s PLD

Form input: pld's "snack" "old"

Email received: pld\'s \"snack\" \"old\"

There is some validation and sanitation going on in my script:

if ($_POST['form_message'] != "") {
    // Strip tags but leave quotes unencoded
    $form_message = filter_var($_POST['form_message'], FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
    // Check the sanitized value, not the raw input, which is already known to be non-empty here
    if ($form_message == "") {
        $errors .= 'Please enter a valid comment.<br/><br/>';
    }
} else {
    $errors .= 'Please enter your comment.<br/>';
}

Here is the Swiftmailer part:

$message->setBody("Here is the information submitted to www.polycystic-kidneydisease.com/html/contact_email.php from $ip on $date.\n\n --------------------------------\n\n name: $name \n\n email address: $email \n\n subject: $form_subject \n\n comment: $form_message");

How do I fix it? Thank you!


Solution

Sounds like magic_quotes_gpc is enabled. If you can disable it, you may want to do so; if not, use stripslashes() on the input before doing your filtering.
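
The approach in the answer above, as an added example that is not part of the original post: strip the slashes only when the runtime really applied magic quotes, so legitimate backslashes survive once the setting is turned off. The helper name `undo_magic_quotes` and the sample strings are assumptions made for illustration.

```php
<?php
// Added example; undo_magic_quotes() is a hypothetical helper, not SwiftMailer or PHP API.

/**
 * Undo magic_quotes_gpc escaping, but only when it was actually applied.
 * Calling stripslashes() unconditionally would eat legitimate backslashes
 * as soon as magic quotes are disabled or the code runs on PHP >= 5.4.
 */
function undo_magic_quotes($value, $enabled = null)
{
    if ($enabled === null) {
        // get_magic_quotes_gpc() always returns false from PHP 5.4 and is removed in PHP 8.0.
        $enabled = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    }
    if (!$enabled) {
        return $value;
    }
    if (is_array($value)) {
        // Form fields such as name="tags[]" arrive as arrays; unescape each element.
        $out = array();
        foreach ($value as $key => $item) {
            $out[$key] = undo_magic_quotes($item, true);
        }
        return $out;
    }
    return stripslashes($value);
}

// Constructed sample: what $_POST['form_message'] holds when magic quotes are on.
$escaped = 'pld\\\'s \\"snack\\" \\"old\\"';

// Force the magic-quotes path for the demonstration.
$raw = undo_magic_quotes($escaped, true);
echo $raw, "\n";

// With magic quotes off, input containing real backslashes is left alone.
echo undo_magic_quotes('C:\\temp\\report', false), "\n";

// In the form handler, call undo_magic_quotes($_POST['form_message']) first,
// then pass the result to the existing filter_var() call.
```

In the question's script, only the value handed to `filter_var()` changes; the validation and the `setBody()` call stay as they are.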

Licensed under: CC-BY-SA with attribution