This is my first website so please be kind.

My form in my index.php has method="post" action="mailer.php"

In my mailer.php I have the following code, which I had hoped would take care of single and double quotes which may be entered into the message textarea:

$message = $_POST['message'];
$message = str_replace(array("\r\n","\r","\n")," ",$message);
$message = stripslashes($message);

Back in my index.php I echo $_POST but when it echoes the message it has slashes in the message area, e.g. don't becomes don\'t. How do I get rid of those?

All 5 Replies

Hey,

You should really put any code you post in tags.

[half asleep, sorry]

Hi Phil,

You should really put any code you post in tags.

But use stripslashes instead. http://php.net/manual/en/function.stripslashes.php

If by tags you mean <?php echo $_POST ?>

this is exactly what is in my index.php

and in my mailer I use stripslashes but it is not giving me the expected result.

Hey, sorry I was half asleep lol :(!

It seems your problem is down to this:

$message = $_POST['message']; 
$message = str_replace(array("\r\n","\r","\n")," ",$message);
$message = stripslashes($message);

Should be:

$message = $_POST['message'];
$display_message = stripslashes($message);
echo $display_message; // instead of 'message'

hope this helps!

Why do I need to use another variable $display_message?

You don't and would be wiser not to. You should always use stripslashes on $_POST and so below is a faster executing example.

$message = stripslashes($_POST['message']);
echo $message;

Of course you could try the below but there is no guarantee of maintaining the new data.

$_POST['message'] = stripslashes($_POST['message']);
echo $_POST['message'];

As for the cause behind all of this, the problem is magic quotes. Magic quotes is an option in the php.ini file which automatically escapes quotes so that $_POST data is more secure for MySQL queries when a user doesn't use the mysql_real_escape_string() function. So to avoid this annoying feature you have two options: disable it in the php.ini file, or the better option is just to use the stripslashes function.
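Added example, not part of any reply in this thread: a sketch of reading the `message` field so that slashes are removed only when magic quotes actually added them, then escaping the value for HTML at the point it is echoed. The function names `magic_quotes_active` and `raw_post_field` and the sample inputs are hypothetical; `get_magic_quotes_gpc()` always returns false from PHP 5.4 and was removed in PHP 8.0, so the check is guarded.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
// Written without PHP 7 syntax so it also runs on the old releases
// that still shipped magic quotes.

// True only when this PHP build escaped the request data itself.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Return a POST field as the user typed it. $magic_quotes can be forced
// (true/false) so both cases can be shown on any PHP version.
function raw_post_field($name, $magic_quotes = null)
{
    if ($magic_quotes === null) {
        $magic_quotes = magic_quotes_active();
    }
    $value = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    return $magic_quotes ? stripslashes($value) : $value;
}

// Constructed input: what $_POST holds with magic quotes ON after the
// user typed: don't use C:\temp <b>here</b>
$_POST['message'] = "don\\'t use C:\\\\temp <b>here</b>";
$message = raw_post_field('message', true);

// Escape for the HTML context when echoing back into index.php, so the
// quote and the markup are shown as text rather than interpreted.
echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8'), "\n";

// Constructed input: magic quotes OFF, user typed: C:\temp
$_POST['message'] = "C:\\temp";

// Conditional handling keeps the user's backslash.
echo raw_post_field('message', false), "\n";

// An unconditional stripslashes() removes a backslash the user typed.
echo stripslashes($_POST['message']), "\n";
```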
