Ad:

MySQL Discussion Thread
Marked Solved
Views: 1426

Jun 30th, 2009

Email address contains javascript tags

Expand Post »

Hi,

I'm not entirely sure which forum to post this question because I cannot determine whether it's a MySQL, Joomla, or PHP issue. But I will post it here, as some of you may know about this.

I am using a custom built "user" table in my MySQL database, and the email addresses are being stored in plain text as VARCHAR(60). However, when I retrieve an email address from a record, and then display it on my webpage, it appears as an "email link" and not as plain text.

This is the code I'm using to retrieve the email address from the MySQL database.

------------------------------------------------------

php Syntax (Toggle Plain Text)
$check = mysql_query("SELECT * FROM users WHERE ID = '$userID'");
if ($info = mysql_fetch_array( $check ))
{ 
   // Get db fields
   $email = $info['email'];
}
 
echo $email;
$check = mysql_query("SELECT * FROM users WHERE ID = '$userID'");
if ($info = mysql_fetch_array( $check ))
{ 
   // Get db fields
   $email = $info['email'];
}

echo $email;

------------------------------------------------------

The PHP code works fine, but the email address variable now contains the following javascript information only after it's been retrieved from the database...

JavaScript Syntax (Toggle Plain Text)
 <script language='JavaScript' type='text/javascript'> <!-- var prefix = 'ma' + 'il' + 'to'; var path = 'hr' + 'ef' + '='; var addy22091 = 'mykiwifriend234' + '@'; addy22091 = addy22091 + 'hotmail' + '.' + 'com'; document.write( '<a ' + path + '\'' + prefix + ':' + addy22091 + '\'>' ); document.write( addy22091 ); document.write( '<\/a>' ); //-->\n </script> <script language='JavaScript' type='text/javascript'> <!-- document.write( '<span style=\'display: none;\'>' ); //--> </script>This e-mail address is being protected from spambots. You need JavaScript enabled to view it <script language='JavaScript' type='text/javascript'> <!-- document.write( '</' ); document.write( 'span>' ); //--> </script>
 <script language='JavaScript' type='text/javascript'> <!-- var prefix = 'ma' + 'il' + 'to'; var path = 'hr' + 'ef' + '='; var addy22091 = 'mykiwifriend234' + '@'; addy22091 = addy22091 + 'hotmail' + '.' + 'com'; document.write( '<a ' + path + '\'' + prefix + ':' + addy22091 + '\'>' ); document.write( addy22091 ); document.write( '<\/a>' ); //-->\n </script> <script language='JavaScript' type='text/javascript'> <!-- document.write( '<span style=\'display: none;\'>' ); //--> </script>This e-mail address is being protected from spambots. You need JavaScript enabled to view it <script language='JavaScript' type='text/javascript'> <!-- document.write( '</' ); document.write( 'span>' ); //--> </script>

So, my question is... all I need is the "plain text" email address (as I need this to populate an editable text box on my webpage), but where is this additional javascript information coming from? ...and how can I strip this javascript data so I can obtain just the email address itself?

Thanks

Last edited by peter_budo; Jul 2nd, 2009 at 4:52 am. Reason: Keep It Organized - For easy readability, always wrap programming code within posts in [code] (code blocks) and [icode] (inline code) tags.

Similar Threads

Problem passing email address through AJAX in JavaScript / DHTML / AJAX
VB6 - Look up email address from outlook address book? in Visual Basic 4 / 5 / 6
VB 6.0 - Accepting value (email address)from Inputbox in Visual Basic 4 / 5 / 6
Res. Form/Dreamweaver 8/Email to Address in HTML and CSS
username=email address inputted on submission>is this possible in PHP

nigelburrell

Reputation Points: 11

Solved Threads: 0

Light Poster

Offline

38 posts
since Jun 2009

Permalink

Jul 2nd, 2009

Re: Email address contains javascript tags

Since you mention Joomla, it is possible that this is Joomla's way of storing e-mail addresses. You could use a regular expression to strip all unnecessary code, but there could be a lot of exceptions. Maybe Joomla has a function to retrieve it built-in.

pritaeas

Sponsor

Featured Poster

Reputation Points: 550

Solved Threads: 731

Bite my shiny metal ass!

Offline

4,182 posts
since Jul 2006

Permalink

Jul 2nd, 2009

Re: Email address contains javascript tags

This is Joomla's spam protection
Joomla has a plugin that obfuscates email addresses, to make it harder for scrapers and bots.
The visible address and effective address are not changed, just what robots can see.
you can probably disable the plugin somewhere in Joomla configuration.
There is likely a 'howto' on setting up the editbox without disabling spam protection, somewhere on the web. Joomla is a popular cms

Sometimes the help, is worse than the problem

Last edited by almostbob; Jul 2nd, 2009 at 10:39 am.

almostbob

Reputation Points: 562

Solved Threads: 368

Posting Maven

Offline

2,970 posts
since Jan 2009

Permalink

Jul 2nd, 2009

Re: Email address contains javascript tags

Click to Expand / Collapse Quote originally posted by pritaeas ...

Since you mention Joomla, it is possible that this is Joomla's way of storing e-mail addresses. You could use a regular expression to strip all unnecessary code, but there could be a lot of exceptions. Maybe Joomla has a function to retrieve it built-in.

Thanks your response. I found where in Joomla this is occuring. The email addresses are stored as plain text in the database, but Joomla uses a plug-in called Email Cloacking which obfuscates email addresses prior to showing them on the webpage. I simply disabled this plug-in and now all email addresses appear as plain text.

nigelburrell

Reputation Points: 11

Solved Threads: 0

Light Poster

Offline

38 posts
since Jun 2009

Permalink

Jul 2nd, 2009

Re: Email address contains javascript tags

Click to Expand / Collapse Quote originally posted by almostbob ...

This is Joomla's spam protection
Joomla has a plugin that obfuscates email addresses, to make it harder for scrapers and bots.
The visible address and effective address are not changed, just what robots can see.
you can probably disable the plugin somewhere in Joomla configuration.
There is likely a 'howto' on setting up the editbox without disabling spam protection, somewhere on the web. Joomla is a popular cms

Sometimes the help, is worse than the problem

Exactly. I discovered that Joomla has a plug-in called Email Cloacking which obfuscates email addresses prior to showing them on the webpage. I simply disabled this plug-in and now all email addresses appear as plain text.

Can I ask your opinion though... even though I'm disabling an important spam protection function, I'm assuming it doesn't matter given that email addresses are only appearing in text boxes in user-login access webpages (not publicly-accessable pages). Does that matter? Obviously, if the email addresses were published on public access pages, then yes... it's a risk, but what if they were only shown in text boxes on registered pages requiring user-login access? Surely scrapers and bots can't access such pages given that they are protected behind user logins - they would need to simulate a user login to access such information, right? Or is it best to keep the obfuscation protection enabled, and find another method to populate the text boxes with the plain text version?

Actually, I hope you don't mind but I'm going to start a new post with this subject as I'd like to gauge other user's ideas and thoughts on this. But please feel free to comment to this post if you wish. Thanks again for your post.

Last edited by nigelburrell; Jul 2nd, 2009 at 11:31 am. Reason: Adding more information

nigelburrell

Reputation Points: 11

Solved Threads: 0

Light Poster

Offline

38 posts
since Jun 2009

Permalink

Jul 2nd, 2009

Re: Email address contains javascript tags

that address is sent in clear text through however many relays, proxies, exist in the traceroute between your host and the user,
any one of them could be compromised
with an appropriate packet sniffer no plain text is safe
how likely do you enticipate interception
you could use something like
break the address at the @ sign, send two parts to
2 text boxes
1 for user name
1 for domain
and not sent the @ sign at all, and reconstruct the address in php/asp before submitting to the database,

almostbob

Reputation Points: 562

Solved Threads: 368

Posting Maven

Offline

2,970 posts
since Jan 2009

Permalink

Jul 2nd, 2009

Re: Email address contains javascript tags

Click to Expand / Collapse Quote originally posted by almostbob ...

that address is sent in clear text through however many relays, proxies, exist in the traceroute between your host and the user,
any one of them could be compromised
with an appropriate packet sniffer no plain text is safe
how likely do you enticipate interception
you could use something like
break the address at the @ sign, send two parts to
2 text boxes
1 for user name
1 for domain
and not sent the @ sign at all, and reconstruct the address in php/asp before submitting to the database,

Interesting solution, I might think about doing that. Thanks for the idea.

nigelburrell

Reputation Points: 11

Solved Threads: 0

Light Poster

Offline

38 posts
since Jun 2009

Permalink

Jul 2nd, 2009

Re: Email address contains javascript tags

Click to Expand / Collapse Quote originally posted by nigelburrell ...

Interesting solution, I might think about doing that. Thanks for the idea.

I was thinking that spambots search for email addresses that always contain a '@' SO something that doesnt include a @ will get past
<input type='text' id='mailaccount'>@<input type='text' id='maildomain'>

php Syntax (Toggle Plain Text)
$mail = $_post['mailaccount'].'@'.$_post['maildomain'];
$mail = $_post['mailaccount'].'@'.$_post['maildomain'];

I put a link to this page in all my home pages
http ://w ww.auditmypc.com/freescan/antispam.html
(link broken not sure if I would be violating DaniWeb policy),
it generates 50 fake email addresses every load to poison spambots

Last edited by almostbob; Jul 2nd, 2009 at 6:59 pm.

almostbob

Reputation Points: 562

Solved Threads: 368

Posting Maven

Offline

2,970 posts
since Jan 2009

Permalink

Jul 3rd, 2009

Re: Email address contains javascript tags

What a great idea to put two textboxes alongside each other with the "@" character in the middle. I will code this and see how it works.

Actually, I had to smile when I read your comment about the auditmypc website generating fake email addresses to poison spambots... what a great idea to fight back against spam!!

nigelburrell

Reputation Points: 11

Solved Threads: 0

Light Poster

Offline

38 posts
since Jun 2009

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in MySQL Forum Timeline: How do I increase prices by percentage

Next Thread in MySQL Forum Timeline: Navigation?

DaniWeb Message

Cancel Changes

User Name
Password