views:

89

answers:

3

I have a html form where visitors can fill and send me some information, as an e-mail. It sends like this:

$body = print_r($_POST, true);

mail ($to, $subject, $body, $headers);

When they write abc'def I get abc\'def

What is this additional \? How I can prevent it?

+6  A: 

Because of magic quotes. See here.

They don't output something different – the $_POST superglobal already has the backslash.

Artefacto
+2  A: 

That's most possible because you have magic quotes turned on, you can however, go about like this:

if (get_magic_quotes_gpc())
{
   $new_text = stripslashes($text);
}

Now $new_text should output normally.

Sarfraz
IMO, he should just disable the magic quotes. Those checks pollute the code and there's really no reason to have a server with magic quotes turned on.
Artefacto
@Artefacto: That's true, he should simply disable them. A good decision taken to strip them away from future versions as well :)
Sarfraz
@Artefacto if the OP wants to build portable code for environments he has no control over, there is no way but to use these kinds of checks until PHP 6 is there.
Pekka
+2  A: 

The backslash is an escape character - it lets the parser know that you don't want to use the single-quote in the normal way that PHP understands them. If you want to remove them in your output, use the stripslashes method.

string stripslashes ( string $str )

Andy