PHPMailer safe practices - Send escaped / sanitized variables or not?

Question

I'm using the PHPMailer-Lite class to build an email sending script and I'm not sure if I should use addslashses() on the $name variable when adding it to the constructor.

If somebody's last name would be O'Riley (or any other name that contains characters which should normally be sanitized before handling) and I would send it unescaped, wouldn't it mess with the script/email sending ? Is it safe to send it unescaped ? As a side note, I would also like to avoid having my message body say "Hello, O\'Riley".

Looking at the source, I saw that it only trims the whitespace and line ending (\r\n) characters from the received $name variable, so any advice on this would be more than welcome.

Thank you all in advance !

Answer 1

IIRC, PHPMailer handles that automatically.

If you pass it "Seamus O'Malley" it is properly formatted for sending in email.