“I'm” becomes “I\'m” in PHP? (Why is a slash being added?) [duplicate]

StackOverflow https://stackoverflow.com/questions/9508108

  •  14-11-2019
  •  | 
  •  

Question

Possible Duplicate:
Correctly encode characters in a PHP mail form (“I'm” turns to be “I\'m”)

I'm sending an email over PHP and the text arrives with a slash right before the quotation mark:

I'm becomes I\'m

My PHP:

$text_message = $_POST["mymessage"];       


$message="--PHP-mixed-$bound_text\r\n"      
            ."Content-Type: text/plain; charset=\"utf-8\"\r\n"
 ."Content-Transfer-Encoding: 7bit\r\n\r\n" 
       ."$text_message\r\n\r\n" 
    ."--PHP-mixed-$bound_text\r\n"  
            ."Content-Transfer-Encoding: base64\r\n"
            ."Content-Disposition: attachment; filename=\"$attachment\"\r\n"
."Content-Type: image/jpeg; name=\"$attachment\"\r\n\r\n"
 .chunk_split($file)
        ."\r\n\r\n"
            ."--PHP-mixed-$bound_text--\r\n\r\n";
}

How to get it send without receiving an extra slash? Thanks. Uli

Was it helpful?

Solution

This is caused by PHP's magic quotes which are deprecated but, unfortunately, still enabled by default. In most cases you can disable the feature through a .htaccess file or even through the webhoster's control panel.

If that's not possible, it's safest to check if magic quotes are enabled through get_magic_quotes_gpc() before blindly using stripslashes(). To unescape all $_POST[] variables, use:

if (get_magic_quotes_gpc()) {
    foreach($_POST as $k => $v) {
       $_POST[$k] = stripslashes($v);
    }
}

OTHER TIPS

You should check for magic_quotes within your php.ini file, its most likely on, You can always check for this option within php and handle the string accordingly

if (get_magic_quotes_gpc()){
   $text_message = stripslashes($_POST["mymessage"]);
}else{
   $text_message = $_POST["mymessage"];
}

Also instead of using \r\n you should use PHP_EOL then its compatible with all operating systems: eg the \r is not required for linux

I suspect it's down to $_POST["mymessage"]. What do you get if you echo $_POST["mymessage"] to screen?

Some webhosts will deliberately addslashes() to data received by $_POST, $_GET, etc. as a basic protection against SQL injection.

If that is being done, you should be able to do stripslashes($_POST["mymessage"])

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top