PHP Mail Function

cxp344 · 2005-02-02 15:28:36 UTC

Greetings!

I’ve only recently signed up with Dreamhost and I’m encountering a problem with the PHP mail function that I’ve never seen before. I wrote my own mailing list app, and now, whenever I try to send an email out to the mailing list, the body is being modified by having escape characters added. For example, if I write the word we’re, the function sends email out as we/'re.

Now, I understand what the escape characters are for, but I purposely left this type of input validation out of my code since I am the only person with access to send email. I figure I should just be able to send out exactly what I type–plus, the body is saved in a variable that I only echo, so I feel that the chances of it breaking anything are minimal.

I’ve tried everything I can think of as far as modifying the email message to get rid of the escape characters, but I’ve only managed to make it worse–such as I’ll type we/'re and it will display as we///'re. I don’t know what to do, and I don’t think I should have to stop using contractions and quoations in my email. Any suggestions?

jimspics · 2005-02-02 16:20:04 UTC

One way is the following…where TextTest is a form value from let’s say a TextArea or Text etc. with the mesage you’re filling out and $message is the 3rd option in the mail command.

$message.=stripslashes($_POST[‘TextTest’]);

Of course that could be
$message.=stripslashes(“We’re off to see the wizard…”);
etc.

Jim

cxp344 · 2005-02-02 16:44:59 UTC

Jim,

Thanks for the help, but I don’t think that solves the problem–and I tried it out to make sure. No dice.

Your method assumes that I’m passing the escape characters through the TexTest variable, where in fact I’m not doing any such thing. I think you’re method would work if I was only redisplaying the message I sent, but I’m encountering this problem in the actual emails that are being sent out. As I mentioned, I purposely excluded any type of input validation because I want to send exactly what I type.

The problem appears to be in the mail() function of Dreamhost’s PHP installation. I’m only guessing, but it’s the only way I can explain how the escape characters are being added to the body of the message. There must be some way around this…

jimspics · 2005-02-02 16:57:13 UTC

OK, another stab…

Since you’re not using a form, $message is your body…or part at least. You’re typing the message in the script, right? As in…
$message.=stripslashes(“We’re off to see the wizard…”);

Before originally replying, I sent an email and got no such escaped '. So, is it a setting on a particular server? Dunno, but I’ve never experienced it.

Untested snippet follows:

$to="blah@blah.com";
$subject = “You have mail”;

#Clear the variable
$body="";
$body=“We’re off to see the wizard, “;
$body.=” the wonderful wizard of Oz.”;
$body = stripslashes($body);

mail ($to, $subject, $body);

If this results in escaped ', something else is going on that I’ve never experienced. Let me know what it turns out to be.

Take care.

Jim

cxp344 · 2005-02-02 17:23:44 UTC

Jim,

I have to apologize–whether it’s my FTP client or my own stupidity, the modified file with your first suggestion didn’t replace my original file. That’s why I had the same problem when I tried your solution. Definitely a boneheaded mistake, but the good news is that your first suggestion worked.

I am, in fact, using a form as you originally guessed, and I do have a couple more questions for you if you don’t mind my asking.

How are the slashes getting added in to the TextTest variable from the POST form? I don’t recall ever noticing anything like this at my previous host. I thought it was just good practice to add those characters–but I never realized they would be forced upon me.
You use something like $variable.= in both your examples. Is this something other than just differentiating $variable from $variable. ? I wasn’t able to find anything in the manual, so I thought I’d ask.

Thanks again, Jim.

chris

cxp344 · 2005-02-02 17:38:14 UTC

Found the answer to my first question–this is from the PHP manual. I guess my previous host had this turned off, and that’s why I never encountered the problem.

magic_quotes_gpc boolean
Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When magic_quotes are on, all ’ (single-quote), " (double quote), \ (backslash) and NUL’s are escaped with a backslash automatically.

jimspics · 2005-02-02 18:07:10 UTC

Hi Chris.

Right, Dreamhost has magic_quotes_gpc “on” in php.ini.

What is .=?
.= is shorthand

So if I have a long coding line, rather than rambling on forever, I can break it down for readability. Back in the “old days” of programming (all the way back to 1983 in my case), if I wanted to do this, it would have taken…

$body="";
$body = “First line.”;
#Geez, before I even begin I’ve taken up a bunch of the line.
$body = $body . “Second part.”;
$body = $body . “Third part.”;
etc.

So instead I say
$body .= “blah”;
which says, take whatever is in $body now and add this to it.

Jim

cxp344 · 2005-02-02 18:44:01 UTC

Oh, I get it–you’re appending strings. I should have caught on, but as a novice who only writes code as a hobby, I tend to forget a lot of what I come across while perusing the manual. I’m sure that if I picked up an instructional book this would be one of the first things I would read about. Lesson learned.

Thanks again, Jim–it’s always good to learn something new.

Chris

kchrist · 2005-02-03 00:52:03 UTC

You can disable this behavior by adding the following line to your .htaccess file at the root of your site:

php_flag magic_quotes_gpc off php_flag magic_quotes_runtime offThe only caveat being that I don’t know that this works if you’re running PHP as CGI (the default).