2

I have a html form where visitors can fill and send me some information, as an e-mail. It sends like this:

$body = print_r($_POST, true);

mail ($to, $subject, $body, $headers);

When they write abc'def I get abc\'def

What is this additional \? How I can prevent it?

SilentGhost
  • 307,395
  • 66
  • 306
  • 293
ilhan
  • 8,700
  • 35
  • 117
  • 201

3 Answers3

7

Because of magic quotes. See here.

They don't output something different – the $_POST superglobal already has the backslash.

Artefacto
  • 96,375
  • 17
  • 202
  • 225
2

That's most possible because you have magic quotes turned on, you can however, go about like this:

if (get_magic_quotes_gpc())
{
   $new_text = stripslashes($text);
}

Now $new_text should output normally.

Sarfraz
  • 377,238
  • 77
  • 533
  • 578
  • 2
    IMO, he should just disable the magic quotes. Those checks pollute the code and there's really no reason to have a server with magic quotes turned on. – Artefacto Jun 17 '10 at 17:29
  • @Artefacto: That's true, he should simply disable them. A good decision taken to strip them away from future versions as well :) – Sarfraz Jun 17 '10 at 17:32
  • 1
    @Artefacto if the OP wants to build portable code for environments he has no control over, there is no way but to use these kinds of checks until PHP 6 is there. – Pekka Jun 17 '10 at 17:32
2

The backslash is an escape character - it lets the parser know that you don't want to use the single-quote in the normal way that PHP understands them. If you want to remove them in your output, use the stripslashes method.

string stripslashes ( string $str )

Andy
  • 14,260
  • 4
  • 43
  • 56