The problem is with this PHP code that goes through an AJAX function and sends the content of a Form to a specific e-mail.
The essential part of the script is working, but some text appears to be converted in the Inbox when the e-mail arrives. Specifically, single-quotes (') are replaced with double-quotes (").
After searching the web and browsing SO, I couldn't find an answer. Any help would be deeply appreciated. The code follows.
<?php
require '../config/squareconfig.php';
if($_POST)
{
    //check if ajax request, exit if not (the header is client-supplied, so this is not a security control)
    if(!isset($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
        die();
    }
    //check $_POST vars are set, exit if any missing
    if(!isset($_POST["usercName"]) || !isset($_POST["usercEmail"]) || !isset($_POST["usercMessage"]))
    {
        die();
    }
    //Sanitize input data using PHP filter_var().
    $user_cName = filter_var($_POST["usercName"], FILTER_SANITIZE_STRING);
    $user_cEmail = filter_var($_POST["usercEmail"], FILTER_SANITIZE_EMAIL);
    $user_cMessage = filter_var($_POST["usercMessage"], FILTER_SANITIZE_STRING);
    if(strlen($user_cName)<4) // If length is less than 4 it will throw an HTTP error.
    {
        header('HTTP/1.1 500 Name is too short or empty!');
        exit();
    }
    if(!filter_var($user_cEmail, FILTER_VALIDATE_EMAIL)) //email validation
    {
        header('HTTP/1.1 500 Please enter a valid email!');
        exit();
    }
    if(strlen($user_cMessage)<5) //check empty message
    {
        header('HTTP/1.1 500 Too short message! Please enter something.');
        exit();
    }
    //proceed with PHP email.
    $headers = 'From: '.$user_cEmail.' ';
    $templatemail = PHP_EOL . PHP_EOL . 'User E-mail:' . PHP_EOL . $user_cEmail;
    //additional headers go in the fourth argument of mail()
    @$sentMail = mail($squarecmail, $squarecsubject, $user_cMessage . PHP_EOL . $templatemail, $headers);
    if(!$sentMail)
    {
        header('HTTP/1.1 500 Could not send mail! Sorry..');
        exit();
    }else{
        echo $squarectymessage . '<br>' . '<div class="subagain">' . $squarecontagain . '</div>';
?>
<script type="text/javascript">
$('#contact_form').fadeOut();
</script>
<?php
    }
}
I'm uncertain about the "problem", but a reasonable suggestion might be to send the e-mail as HTML, since filter_var() returns html-entities for non-alphanumeric characters. Specify the content type for the e-mail message.
$headers = "From: [email protected]\r\n";
$headers .= "Reply-To: [email protected]\r\n";
$headers .= "CC: [email protected]\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
$mail_sent = @mail($sender, $subject, $message, $headers);
The above suggestion is based on the fact that FILTER_SANITIZE_STRING causes html-unicode-encoding (or some such) on the mentioned characters.
$ php-shell
PHP-Shell - Version 0.3.1, with readline() support
(c) 2006, Jan Kneschke <[email protected]>
>> echo filter_var('\' -- "', FILTER_SANITIZE_STRING);
&#39; -- &#34;
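An added example, not part of the original question or answer: the alternative to sending HTML is to keep the mail as plain text, leave quotes unencoded in the body, reject line breaks in header values, and entity-encode only when the text is written into an HTML page. The function names, the Reply-To choice and the sample values are assumptions made for illustration.

```php
<?php
// Added example; function names and sample values are constructed.

// Header values: refuse CR/LF so a submitted value cannot add mail headers.
function header_value(string $value): string
{
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('line break in header value');
    }
    return trim($value);
}

// Plain-text body: keep quotes as typed, drop control bytes, use CRLF line ends.
function plain_body(string $text): string
{
    $text = str_replace(["\r\n", "\r"], "\n", $text);
    $text = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $text);
    return str_replace("\n", "\r\n", $text);
}

// Builds the four mail() arguments; $to and $subject come from site config.
function build_contact_mail(string $to, string $subject, array $post): array
{
    $email = filter_var($post['usercEmail'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    $body = plain_body(($post['usercMessage'] ?? '') . "\n\nUser E-mail:\n" . $email);
    // Assumption: the visitor's address goes in Reply-To, not From.
    $headers = 'Reply-To: ' . header_value($email) . "\r\n"
             . "MIME-Version: 1.0\r\n"
             . 'Content-Type: text/plain; charset=UTF-8';
    return [$to, $subject, $body, $headers];
}

$post = [ // constructed sample submission
    'usercEmail'   => 'visitor@example.com',
    'usercMessage' => "It's a \"quoted\" message",
];
[$to, $subject, $body, $headers] = build_contact_mail('owner@example.com', 'Contact form', $post);
echo $body, PHP_EOL; // the body keeps both kinds of quote unencoded
// mail($to, $subject, $body, $headers);

// Entity-encode only where the same text is written into an HTML page:
echo htmlspecialchars($post['usercMessage'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```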