0

Hi.
I have a PHP script on a form.
It generates a mailto command with lots of variables pulled from the form fields.

The only problem with it is that if someone types &, % or ; in the fields then it will only generate the email up to that character, the rest is missing.

I've done a little research and I'm not sure, but maybe htmlspecialchars could be a solution?
I'm not 100% sure what to do, but it is vital I get this right ASAP.
I hope you can help.

<?php
	if(isset($_POST['imtform_submit']) && $_POST['imtform_pass'] == "xxxxxx" && isset($_POST['imtform_upd'])) {
	
	// Get Variables from form
	$imtform_summary = $_POST['imtform_summary'];
	$imtform_ref = $_POST['imtform_ref'];
	$imtform_cate = $_POST['imtform_cate'];
	$imtform_type = $_POST['imtform_type'];
	$imtform_item = $_POST['imtform_item'];
	$imtform_grp = $_POST['imtform_grp'];
	$imtform_pass = $_POST['imtform_pass'];
	$imtform_upd = $_POST['imtform_upd'];
	$imtform_agnt = $_POST['imtform_agnt'];
	
	// Update frontend IMT Shout
		$File = "../matt/inc/imt.txt";
		$fh = fopen($File, 'w') or die("can't open file");
		fwrite($fh, $_POST['imtform_summary']) or die("can't write file");
		fclose($fh);

	// Generate and open email	
	print "<meta http-equiv='refresh' target='_PARENT' content='0;URL=mailto:<email recepients>&subject=UPDATE: ".$imtform_summary." - ".$imtform_ref."&body=The following Master Ticket has been created to link all calls to:%0A%0A".$imtform_summary."%0A%0ACategory - ".$imtform_cate."%0AType - ".$imtform_type."%0AItem - ".$imtform_item."%0A%0ARemedy Reference - ".$imtform_ref."%0A%0AThis is currently logged with ".$imtform_grp."%0A%0A,<certain team> are aware.%0A%0AThis is an update.%0AUpdate Notes: '/>";
	
	} // end of the form-submission check
?>
<form action="#" method="POST">
	IMT Ticket Summary<br/><input class="form_box" type="text" name="imtform_summary" size="30"/><br />
	Ticket Reference<br/><input class="form_box" type="text" name="imtform_ref" size="20"/><br />
	Ticket Category<br/><input class="form_box" type="text" name="imtform_cate" size="30"/><br />
	Ticket Type<br/><input class="form_box" type="text" name="imtform_type" size="30"/><br />
	Ticket Item<br/><input class="form_box" type="text" name="imtform_item" size="30"/><br />
	Ticket Group<br/><input class="form_box" type="text" name="imtform_grp" size="30"/><br />
	Agent Name<br/>
	<select name="imtform_agnt">
	i removed this
	</select><br/>
	Agent Password<br/><input class="form_box" type="password" name="imtform_pass" size="20"/><br />
	Is this an update?<input type="checkbox" name="imtform_upd"/><br>
	<input class="form_box" type="submit" name="imtform_submit" value="Submit IMT &amp; Open Email" size="30"/>
</form>
0

Hi,

You need to encode these special characters, not "escape" them. In PHP, characters are "escaped" using a backslash... for example, if you want a quote in a string:

$string = "here is a double quote now \" followed by this text";

These escaped characters must be "unescaped" when parsed again. In the above example, next time PHP reads that variable it will interpret the string as - here is a double quote now " followed by this text - BUT...

& is a special character and must be "encoded" properly before using it in HTML - you may have seen, and in fact need to encode, & as "&amp;".

To do this, use the function: urlencode() when creating your string variables, for example:

$imtform_summary = $_POST['imtform_summary'];

should be

$imtform_summary = urlencode($_POST['imtform_summary']);

If this doesn't work, try using htmlentities or htmlspecialchars, but urlencode was designed for this sort of thing, given that you are using a mailto: URL.

Let us know how you get on :)

Edited by _Rade: weird line break

0

Thank you very much Rade.
I will try this first thing tomorrow.

0

Just tested it locally. It freaking works!
YOU'RE A STAR!
Thank you VERY much!

0

Ah.
Just spotted a problem.
Every space is turned into a +
So+sentences+look+like+this.

Any way around this?
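
Added example, not part of the original thread or written by any of its posters: one way to handle both the truncation and the + problem is to percent-encode each mailto value with rawurlencode() (spaces become %20 rather than +) and then HTML-escape the finished URL for the attribute it is placed in. build_mailto() is a hypothetical helper, and the recipient address and field values are constructed placeholders.

```php
<?php
// Added example. Two encoding layers are needed because the data crosses two
// contexts: first a URL (mailto: header values), then an HTML attribute.

/**
 * Build a mailto: URL (hypothetical helper).
 * $to is assumed to be a fixed, trusted address, never user input.
 * rawurlencode() follows RFC 3986: space -> %20, & -> %26, % -> %25,
 * ; -> %3B. An unencoded & in a value would start a new mailto field,
 * which is why the generated email was cut off at that character.
 */
function build_mailto(string $to, string $subject, string $body): string
{
    // mailto bodies use CRLF line breaks (RFC 6068), encoded as %0D%0A
    $body = preg_replace('/\r\n|\r|\n/', "\r\n", $body);

    // The first field is introduced by "?", later ones by "&"
    return 'mailto:' . $to
        . '?subject=' . rawurlencode($subject)
        . '&body=' . rawurlencode($body);
}

// Constructed sample input standing in for the $_POST values
$post = [
    'imtform_summary' => 'Email & VPN down; 50% of users affected',
    'imtform_ref'     => 'INC000123',
    'imtform_grp'     => 'Network Ops',
];

// Assemble plain text first, then encode the whole value once, instead of
// mixing hand-written %0A sequences with raw user input.
$subject = 'UPDATE: ' . $post['imtform_summary'] . ' - ' . $post['imtform_ref'];
$body = "The following Master Ticket has been created to link all calls to:\n\n"
      . $post['imtform_summary'] . "\n\n"
      . 'Remedy Reference - ' . $post['imtform_ref'] . "\n\n"
      . 'This is currently logged with ' . $post['imtform_grp'];

$url = build_mailto('servicedesk@example.com', $subject, $body);

// Second layer: escape for the HTML attribute. ENT_QUOTES covers both quote
// styles, so a quote typed into a field cannot close the attribute.
$attr = htmlspecialchars('0;URL=' . $url, ENT_QUOTES, 'UTF-8');
echo "<meta http-equiv=\"refresh\" content=\"$attr\">\n";
```

The same applies to the text written to imt.txt: it should pass through htmlspecialchars() at the point where the frontend prints it into a page.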
