Question:
problem with quotation marks in php strings?
exxos
2009-05-09 14:27:45 UTC
I created a simple email form that works fine, though when the quotation marks appear in the string they come out as /" in the email. If I change anything then I get the HTML values such as &quote or whatever.

The string itself could be

This "THIS" This

though what I get back is

This /"THIS/" This

Even if I just have a text box and post the data to an output page I get the same problem.

So are there any tricks to stop PHP from changing the strings in this way?
Four answers:
Rob Y
2009-05-10 02:26:41 UTC
My guess is that you have magic_quotes_gpc enabled. This automatically adds a backslash before quotes in HTTP GET or POST data (i.e. data from forms). GPC stands for get/post/cookie, the 3 ways in which a user can give input to your script. It is designed to protect databases from SQL injection, but causes all kinds of problems, and it's better to add the slashes yourself whenever you query your database.



Most of the time when you are just outputting the data to a page (or email) the slashes are not needed.



An easy way to tell if it's on is to simply upload and run this script:

<?php
// Prints 1 when magic_quotes_gpc is enabled
echo get_magic_quotes_gpc();
?>

If it says 1, then it's on! You could also run phpinfo(), it's in there somewhere.



If it is indeed on, a portable solution is to check it in the script and react accordingly, e.g.

if (get_magic_quotes_gpc()) {
    $emailbody = stripslashes($_POST['emailbody']);
} else {
    $emailbody = $_POST['emailbody'];
}

This will work whether magic_quotes_gpc is enabled or not. An alternative is simply to disable it in your php.ini.
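
The check in this answer, generalized beyond a single field, as an added example that is not part of the original answers: it undoes magic quotes across a whole request array, then escapes at each point of use. The call is guarded because get_magic_quotes_gpc() was removed in PHP 8.0; the helper names, sample input and SQLite table are constructed for illustration, and the prepared statement is a substitute for adding slashes by hand.

```php
<?php
// Added example, not code from the original answers.

/** Recursively undo magic-quotes escaping on a string or nested array. */
function strip_magic_slashes($value)
{
    return is_array($value)
        ? array_map('strip_magic_slashes', $value)
        : stripslashes($value);
}

/** Return request data as the user typed it, whatever the server setting. */
function raw_request(array $data)
{
    // get_magic_quotes_gpc() was removed in PHP 8.0, so test for it first;
    // @ hides the deprecation notice that PHP 7.4 raises.
    $on = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    return $on ? strip_magic_slashes($data) : $data;
}

// In a real handler: $input = raw_request($_POST);
// Constructed sample of what $_POST holds when magic_quotes_gpc is on
// (in a single-quoted PHP string, \" is a literal backslash plus quote).
$quoted = array('emailbody' => 'This \"THIS\" This');
$input  = strip_magic_slashes($quoted);
$body   = $input['emailbody'];

// Plain-text email body: use the text exactly as typed.
echo $body, "\n";

// HTML page: escape for HTML at the moment of output.
echo htmlspecialchars($body, ENT_QUOTES, 'UTF-8'), "\n";

// Database: bind the value as a parameter instead of adding slashes.
// Assumes the pdo_sqlite extension; table and column names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (body TEXT)');
$stmt = $db->prepare('INSERT INTO messages (body) VALUES (?)');
$stmt->execute(array($body));
echo $db->query('SELECT body FROM messages')->fetchColumn(), "\n";
```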
Bob M
2009-05-10 02:56:27 UTC
If you took user input



..."my name is "fred" and I quote too much"



Then tried to send that to a database, or use some string function on it, you would get an error. PHP has 'magic_quoted' it for you (you can turn that off, by the way) so that you don't have to fret.



But you do right to fret. It is important for you to take a few hours out to sort this in your head. First you need to know 'when' magic_quotes comes into play. You don't want to be writing code and suddenly find magic_quotes interferes. It is because of the unexpected interference that magic_quotes is often turned off. With developers preferring to use their own regex line to check and quote.



Addslashes and stripslashes are handy beasts, these are really functions created from the regex's mentioned just now, they do a good job.





Here are the things you need to look at for dealing with quotes -

addslashes

stripslashes

magic_quotes



You want to know when as well as what. Magic_quotes was the only one of the three that interfered unexpectedly. I like magic_quotes to be on, it's just that you need to know what it does.
2016-04-09 09:29:03 UTC
addslashes etc. only make strings PHP-safe. The correct function to use with MySQL is mysql_real_escape_string. Info below:
just "JR"
2009-05-10 00:54:04 UTC
Not knowing exactly how your message is formatted, it is hard to give you a solution.

However, you can try this:

// $msg holds the whole text of your message with quotes
// ('message' is a placeholder form field name)
$msg = $_POST['message'];

mail($to, $subject, stripslashes($msg), $headers);


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.