使用 PHP/MYSQL 转义电子邮件中的字符
当我使用 PHP 的 mail() 函数时,我在弄清楚字符如何转义背后的逻辑时遇到问题。我使用的是 PHP 5.2,magic_quotes_qpc 打开,runtime/sybase 关闭。问题就在这里。
A 有一个接受文本输入的表单,我使用
mysqli_real_escape来转义特殊字符,以便在 SQL 语句中使用,如下所示:$text = mysqli_real_escape_string($dbc, $_GET['text']);如果我输入以下注释“我不会吃那个!”在表单中,我在数据库中看到以下内容 - “我不会吃那个!”,这正是我所期望的。如果我添加回车符/换行符,我在 phpMyAdmin 的数据库字段中看到的只是回车符和换行符,没有特殊字符(即没有“\r\n”或类似的字符)。
当我使用
mail函数发送消息(即mail($to, $subject, $text, $headers))时,我得到了一些奇怪的东西像这样在电子邮件正文中:我不会\\\不会吃那个\r\n我不能\\\不会吃那个
在一天结束时,我只想将电子邮件输出的格式与表单输入完全相同,换句话说:
I wouldn't eat that
I couldn't eat that
我不确定为什么在撇号以及为什么 \r\n 出现在我的电子邮件中。
I'm having a problem figuring out the logic behind how characters are being escaped when I use the mail() function for PHP. I'm using PHP 5.2, with magic_quotes_qpc ON and runtime/sybase OFF. Here's the problem.
A have a form that takes a text input and I use
mysqli_real_escapeto escape special characters for use in an SQL statement like such:$text = mysqli_real_escape_string($dbc, $_GET['text']);If I type the following comment "I wouldn't eat that!" into the form, I see the following in database - "I wouldn\'t eat that!", which is what I would expect. If I add carriage returns/new lines all I see in the database field in phpMyAdmin is the carriage return and newline with no special characters (i.e. no "\r\n" or anything like that).
When I use the
mailfunction to send a message (i.e.mail($to, $subject, $text, $headers)) I have been getting something weird like this in the email body:I wouldn\\\'t eat that\r\nI couldn\\\'t eat that
At the end of the day I just want the email output to be formatted exactly like the form input, in other words:
I wouldn't eat that
I couldn't eat that
I'm not sure why there is a triple escape before the apostrophe and why the \r\n is showing up in my email.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
从 MySQL 数据库检索结果时,您需要在输出上使用
stripslashes(),否则由于某种原因,它们仍将包含转义斜杠。编辑:
然后,您可以执行
$theOutput = str_replace("\\r\\n", "\r\n", $theOutput);来修复换行符。When retrieving results from the MySQL database, you need to use
stripslashes()on the output or they will still contain the escaping slashes, for some reason.Edit:
Then, you can do
$theOutput = str_replace("\\r\\n", "\r\n", $theOutput);to fix the newlines.魔术引号很糟糕。不要使用它们。
http://www.php.net/manual/en/security.magicquotes .whynot.php
如果您使用魔术引号和 mysqli_real_escape_string,那么这就解释了为什么字符串被双重转义。
关闭魔术引号(确保您的应用程序可以处理它),并且仅在插入数据库时进行转义(如果使用参数化查询,即 PDO 或 mysqli,则无需永远转义!)。
作为最后的手段,您可以尝试在字符串上使用 stripslashes 。
Magic quotes are bad. Don't use them.
http://www.php.net/manual/en/security.magicquotes.whynot.php
If you're using magic quote and mysqli_real_escape_string, then that explains why the strings are doubly escaped.
Turn off magic quotes (ensure you're app can handle that) and only escape when inserting into database (if using parameterized queries, i.e., PDO or mysqli, no need to ever escape!).
As a last resort, you can try using stripslashes on the string.