PHP Mail Function

Greetings!

I’ve only recently signed up with Dreamhost and I’m encountering a problem with the PHP mail function that I’ve never seen before. I wrote my own mailing list app, and now, whenever I try to send an email out to the mailing list, the body is being modified by having escape characters added. For example, if I write the word we’re, the function sends email out as we/'re.

Now, I understand what the escape characters are for, but I purposely left this type of input validation out of my code since I am the only person with access to send email. I figure I should just be able to send out exactly what I type–plus, the body is saved in a variable that I only echo, so I feel that the chances of it breaking anything are minimal.

I’ve tried everything I can think of as far as modifying the email message to get rid of the escape characters, but I’ve only managed to make it worse–such as I’ll type we/'re and it will display as we///'re. I don’t know what to do, and I don’t think I should have to stop using contractions and quoations in my email. Any suggestions?

One way is the following…where TextTest is a form value from let’s say a TextArea or Text etc. with the mesage you’re filling out and $message is the 3rd option in the mail command.

$message.=stripslashes($_POST[‘TextTest’]);

Of course that could be
$message.=stripslashes(“We’re off to see the wizard…”);
etc.

Jim

Jim,

Thanks for the help, but I don’t think that solves the problem–and I tried it out to make sure. No dice.

Your method assumes that I’m passing the escape characters through the TexTest variable, where in fact I’m not doing any such thing. I think you’re method would work if I was only redisplaying the message I sent, but I’m encountering this problem in the actual emails that are being sent out. As I mentioned, I purposely excluded any type of input validation because I want to send exactly what I type.

The problem appears to be in the mail() function of Dreamhost’s PHP installation. I’m only guessing, but it’s the only way I can explain how the escape characters are being added to the body of the message. There must be some way around this…

OK, another stab…

Since you’re not using a form, $message is your body…or part at least. You’re typing the message in the script, right? As in…
$message.=stripslashes(“We’re off to see the wizard…”);

Before originally replying, I sent an email and got no such escaped '. So, is it a setting on a particular server? Dunno, but I’ve never experienced it.

Untested snippet follows:

$to="blah@blah.com";
$subject = “You have mail”;

#Clear the variable
$body="";
$body=“We’re off to see the wizard, “;
$body.=” the wonderful wizard of Oz.”;
$body = stripslashes($body);

mail ($to, $subject, $body);

If this results in escaped ', something else is going on that I’ve never experienced. Let me know what it turns out to be.

Take care.

Jim

Jim,

I have to apologize–whether it’s my FTP client or my own stupidity, the modified file with your first suggestion didn’t replace my original file. That’s why I had the same problem when I tried your solution. Definitely a boneheaded mistake, but the good news is that your first suggestion worked.

I am, in fact, using a form as you originally guessed, and I do have a couple more questions for you if you don’t mind my asking.

  1. How are the slashes getting added in to the TextTest variable from the POST form? I don’t recall ever noticing anything like this at my previous host. I thought it was just good practice to add those characters–but I never realized they would be forced upon me.

  2. You use something like $variable.= in both your examples. Is this something other than just differentiating $variable from $variable. ? I wasn’t able to find anything in the manual, so I thought I’d ask.

Thanks again, Jim.

chris

Found the answer to my first question–this is from the PHP manual. I guess my previous host had this turned off, and that’s why I never encountered the problem.

magic_quotes_gpc boolean
Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When magic_quotes are on, all ’ (single-quote), " (double quote), \ (backslash) and NUL’s are escaped with a backslash automatically.

Hi Chris.

Right, Dreamhost has magic_quotes_gpc “on” in php.ini.

What is .=?
.= is shorthand

So if I have a long coding line, rather than rambling on forever, I can break it down for readability. Back in the “old days” of programming (all the way back to 1983 in my case), if I wanted to do this, it would have taken…

$body="";
$body = “First line.”;
#Geez, before I even begin I’ve taken up a bunch of the line.
$body = $body . “Second part.”;
$body = $body . “Third part.”;
etc.

So instead I say
$body .= “blah”;
which says, take whatever is in $body now and add this to it.

Jim

Oh, I get it–you’re appending strings. I should have caught on, but as a novice who only writes code as a hobby, I tend to forget a lot of what I come across while perusing the manual. I’m sure that if I picked up an instructional book this would be one of the first things I would read about. Lesson learned.

Thanks again, Jim–it’s always good to learn something new.

Chris

You can disable this behavior by adding the following line to your .htaccess file at the root of your site:

php_flag magic_quotes_gpc off php_flag magic_quotes_runtime off The only caveat being that I don’t know that this works if you’re running PHP as CGI (the default).