0

This is my first website so please be kind.

My form in my index.php has method="post" action="mailer.php"

in my mailer.php I have the following code which I had hoped would take care of single and double quotes which may be entered into the message textarea

$message = $_POST;
$message = str_replace(array("\r\n","\r","\n")," ",$message);
$message = stripslashes($message);

Back in my index.php I echo $_POST but when it echos the message it has slashes in the message area e.g. don't becomes don\'t. How do I get rid of those?

3
Contributors
5
Replies
6
Views
7 Years
Discussion Span
Last Post by cwarn23
0

Hey,

You should really put any code you post in tags.

[half asleep, sorry]

Edited by Phil++: n/a

0

Hey, sorry I was half asleep lol :(!

It seems your problem is down to this:

$message = $_POST['message']; 
$message = str_replace(array("\r\n","\r","\n")," ",$message);
$message = stripslashes($message);

Should be:

$message = $_POST['message'];
$display_message = stripslashes($message);
echo $display_message; // instead of 'message'

hope this helps!

0

Hey, sorry I was half asleep lol :(!

It seems your problem is down to this:

$message = $_POST['message']; 
$message = str_replace(array("\r\n","\r","\n")," ",$message);
$message = stripslashes($message);

Should be:

$message = $_POST['message'];
$display_message = stripslashes($message);
echo $display_message; // instead of 'message'

hope this helps!

Why do I need to use another variable $display_message?

0

Why do I need to use another variable $display_message?

You don't and would be wiser not to. You should always use stripslashes on $_POST and so below is a faster executing example.

$message = stripslashes($_POST['message']);
echo $message;

Of course you could try the below but there is no guarantee of maintaining the new data.

$_POST['message']= stripslashes($_POST['message']);
echo $_POST['message'];

As for the cause behind all of this the problem is magic quotes. magic quotes is an option in the php.ini file which automatically escapes quotes so that $_POST data is more secure for mysql query's when a user doesn't use the mysql_real_escape_string() function. So to avoid this annoying feature you have two options. Disable it in the php.ini file or the better option is just to use the stripslashes function.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.