Slashes in HTML mail?
I'm trying to write an html mail sender but I have a problem, 开发者_如何学JAVAit shows slashes.
Part of my code:
<?php
$sender = $_REQUEST["sender"];
$to = $_REQUEST["to"];
$html = $_REQUEST["html"];
$send = $_REQUEST["send"];
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=' . $ce . "\r\n";
$headers .= 'To: ' . $to . "\r\n";
$headers .= 'From: ' . $sender . "\r\n";
mail($to, $title, $html, $headers);
?>
<form action="html.php" method="post">
Sender: <input type="text" name="sender" value="sender@example.com">
HTML content: <textarea cols="40" rows="5" name="html"></textarea>
<input type="submit" value="Send">
</form>
When I type an html code to the textare and send it to gmail, it show weird slashes. What mistake I'm making here?
Sounds like Magic Quotes are enabled: http://www.php.net/manual/en/security.magicquotes.php
Either disable Magic Quotes or do this:
$html = stripslashes($_REQUEST["html"]);
Also, if your script uses a from and to address from the form submission, you WILL be found by spammers who will send thousands of emails through your server until you are blocked by every spam blocker on the internet. You need to lock that down.
Any information you add to the mail header from a submission can be compromised, see this for more information: http://www.phpsecure.info/v2/article/MailHeadersInject.en.php
Try using php functions to convert html. There are quite a few. You might need to encode, decode.
$html = htmlspecialchars($_REQUEST["html"]);
Your PHP Settings are wrong, there's a setting like magic_quotes or someting, you have to disable this.
this procedure worked for me:
$mail_message; //actual email message u want to send.
$message = str_replace("\\n","<br/>",(stripslashes($mail_message)));
$message = str_replace("\\r","<br/>",$message);
I fixed this by passing the text through stripslashes();
It's not (or no longer, anyway) caused by magic_quotes, as that was removed in PHP 5.4. PHP seems to automatically add slashes to text that comes from HTML forms, as (maybe?) a security measure.
Due to server configurations there is no way.
精彩评论