[RESOLVED] stripslashes Syntax

bcgm3

I have a simple contact form on my site that passes the data to a very small PHP script, which in turn passes the data to my e-mail address.

The problem is, there are escape slashes in front of apostrophes and quotation marks. I've looked into it and read about stripslashes and stripcslashes, and have tried every permutation I've seen (and just used my best guess to make some up, to see if they'd work)... But alas, the slashes are still in the submitted data by the time it reaches my inbox.

Could someone tell me where to integrate the stripslahes function into my script? Also, I'd really appreciate any insight you may have on stripslashes vs. stripcslashes, as I've seen both recommended over the other for what seems to be the same purpose.

Here's my script as it exists now:

$email = $HTTP_POST_VARS[email];
$mailto = "bcgm3@bcgm3.com";
$mailsubj = "BCGM3 Studios : Web and Graphic Design : Contact";
$mailhead = "From: $email\n";
reset ($HTTP_POST_VARS);
$mailbody = "Submitted Message Data:\n";
$mailbody = stripcslashes($mailbody);
while (list ($key, $val) = each ($HTTP_POST_VARS)) { $mailbody .= "$key : $val\n"; }
if (!eregi("\n",$HTTP_POST_VARS[email])) { mail($mailto, $mailsubj, $mailbody, $mailhead); }

NogDog

Well...the best solution would probably be to turn off [man]magic_quotes[/man] on your host, since it is now considered a deprecated feature (and won't even be available in PHP6). Also, $HTTP_POST_VARS is old stuff and should be replaced with $_POST (unless you're using a really old version of PHP). Anyway, if it is not possible to disable magic_quotes, then for forward compatibility you might do:

email = $HTTP_POST_VARS[email];
$mailto = "bcgm3@bcgm3.com";
$mailsubj = "BCGM3 Studios : Web and Graphic Design : Contact";
$mailhead = "From: $email\n";
reset ($HTTP_POST_VARS);
$mailbody = "Submitted Message Data:\n";
while (list ($key, $val) = each ($HTTP_POST_VARS)) { $mailbody .= "$key : $val\n"; }
if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) // magic_quotes is ON
{
   $mailbody = stripslashes($mailbody);
}
if (!eregi("\n",$HTTP_POST_VARS[email])) { mail($mailto, $mailsubj, $mailbody, $mailhead); }

bcgm3

Just what I was looking for, NogDog.

I had been adding

$mailbody = stripslashes($mailbody);

just after the first declaration of the "mailbody" variable ... (line 6 of the code snippet in my first post). Moving it down a few lines gave me the desired result, which suits me for now.

I'll look into the magic_quotes ordeal. I know my hosting company, GoDaddy, is using an older version of PHP. It's been a while since I checked, but it's probably only gotten more outdated since then. I'll contact them about it directly.

Thanks again!

NogDog

Depending on how GoDaddy has the host configured, you may have a site-specific PHP configuration file you can modify to turn off magic_quotes. (It's been a year or so since I did any work for someone there, and I don't recall how they had it set up -- and of course there's not guarantee they haven't changed things since then.)