
PHPmailer - After Form submitted the Inbox message displays HTML numeric code


The problem is with this PHP code that goes through an AJAX function and sends the content of a Form to a specific e-mail.

The essential part of the script is working, but some text appears to be converted in the Inbox when the e-mail arrives. Specifically, single-quotes (') are replaced with double-quotes (").

After searching the web and browsing SO, I couldn't find an answer. Any help would be deeply appreciated. The code follows.

    <?php
    require '../config/squareconfig.php';

    if ($_POST)
    {
        // Check if this is an AJAX request; exit if not.
        // (|| instead of AND: the original condition never rejected a request whose header was set to another value.)
        if (!isset($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
            die();
        }

        // Check $_POST vars are set; exit if any are missing.
        if (!isset($_POST["usercName"]) || !isset($_POST["usercEmail"]) || !isset($_POST["usercMessage"]))
        {
            die();
        }

        // Sanitize input data using PHP filter_var().
        $user_cName    = filter_var($_POST["usercName"], FILTER_SANITIZE_STRING);
        $user_cEmail   = filter_var($_POST["usercEmail"], FILTER_SANITIZE_EMAIL);
        $user_cMessage = filter_var($_POST["usercMessage"], FILTER_SANITIZE_STRING);
        if (strlen($user_cName) < 4) // If length is less than 4 it will throw an HTTP error.
        {
            header('HTTP/1.1 500 Name is too short or empty!');
            exit();
        }
        if (!filter_var($user_cEmail, FILTER_VALIDATE_EMAIL)) // Email validation
        {
            header('HTTP/1.1 500 Please enter a valid email!');
            exit();
        }
        if (strlen($user_cMessage) < 5) // Check empty message
        {
            header('HTTP/1.1 500 Too short message! Please enter something.');
            exit();
        }

        // Proceed with PHP email.
        $headers = 'From: ' . $user_cEmail;
        $templatemail = PHP_EOL . PHP_EOL . 'User E-mail:' . PHP_EOL . $user_cEmail;
        // The fourth argument of mail() is the additional-headers string, so pass $headers, not the user's name.
        $sentMail = @mail($squarecmail, $squarecsubject, $user_cMessage . PHP_EOL . $templatemail, $headers);

        if (!$sentMail)
        {
            header('HTTP/1.1 500 Could not send mail! Sorry..');
            exit();
        } else {
            echo $squarectymessage . '<br>' . '<div class="subagain">' . $squarecontagain . '</div>';
            ?>
            <script type="text/javascript">
                $('#contact_form').fadeOut();
            </script>
            <?php
        }
    }

Solution

  • I'm uncertain about the "problem", but a reasonable suggestion might be to send the e-mail as HTML, since filter_var() returns html-entities for non-alphanumeric characters. Specify the content type for the e-mail message.

    $headers = "From: [email protected]\r\n";
    $headers .= "Reply-To: [email protected]\r\n";
    $headers .= "CC: [email protected]\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
    
    $mail_sent = @mail($sender, $subject, $message, $headers);
    

    The above suggestion is based on the fact that FILTER_SANITIZE_STRING causes html-unicode-encoding (or some such) on the mentioned characters.

    $ php-shell
    PHP-Shell - Version 0.3.1, with readline() support
    (c) 2006, Jan Kneschke <[email protected]>
    
    >> echo filter_var('\' -- "', FILTER_SANITIZE_STRING);
    &#39; -- &#34;
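
As an added example (not part of the original question or answer): the entities show up because the form input is HTML-encoded before it goes into a plain-text mail, so this code keeps the body as typed for `text/plain` and HTML-encodes only when the same text is placed into HTML. `FILTER_SANITIZE_STRING` is also deprecated as of PHP 8.1. The function names and sample values are hypothetical, and the array form of `mail()` headers in the last comment requires PHP 7.2 or later.

```php
<?php
// Added example: encode for the output context instead of at input time.
// Function names and sample values are hypothetical (constructed for illustration).

// Reduce a value to a single safe line: replace CR, LF and other control bytes.
function header_safe(string $value): string
{
    return trim(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value));
}

// Build headers and body for a text/plain message; the body is NOT HTML-encoded.
function build_plain_mail(string $name, string $email, string $message): ?array
{
    $email = filter_var($email, FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null; // reject rather than try to repair an invalid address
    }
    $headers = [
        'Reply-To'     => $email,
        'MIME-Version' => '1.0',
        'Content-Type' => 'text/plain; charset=UTF-8',
    ];
    $body = $message . "\r\n\r\nUser: " . header_safe($name) . ' <' . $email . '>';
    return ['headers' => $headers, 'body' => $body];
}

// HTML-encode only where the text is placed into HTML (a web page or a text/html mail).
function html_fragment(string $message): string
{
    return nl2br(htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// Constructed sample input: quotes in the message, a line break in the name field.
$name    = "Ann O'Neil\r\nX-Test: 1";
$email   = 'ann@example.com';
$message = 'It\'s a "quoted" message';

$mail = build_plain_mail($name, $email, $message);
echo $mail['body'], PHP_EOL;           // plain-text context: quotes stay as typed
echo html_fragment($message), PHP_EOL; // HTML context: quotes become entities
// To send: mail($to, header_safe($subject), $mail['body'], $mail['headers']);
```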