使用 PHP/MYSQL 转义电子邮件中的字符

发布于 2024-11-02 07:28:09 字数 788 浏览 5 评论 0原文

当我使用 PHP 的 mail() 函数时,我在弄清楚字符如何转义背后的逻辑时遇到问题。我使用的是 PHP 5.2,magic_quotes_qpc 打开,runtime/sybase 关闭。问题就在这里。

  1. A 有一个接受文本输入的表单,我使用 mysqli_real_escape 来转义特殊字符,以便在 SQL 语句中使用,如下所示:

    $text = mysqli_real_escape_string($dbc, $_GET['text']);
    
  2. 如果我输入以下注释“我不会吃那个!”在表单中,我在数据库中看到以下内容 - “我不会吃那个!”,这正是我所期望的。如果我添加回车符/换行符,我在 phpMyAdmin 的数据库字段中看到的只是回车符和换行符,没有特殊字符(即没有“\r\n”或类似的字符)。

  3. 当我使用 mail 函数发送消息(即 mail($to, $subject, $text, $headers))时,我得到了一些奇怪的东西像这样在电子邮件正文中:

    我不会\\\不会吃那个\r\n我不能\\\不会吃那个
    

在一天结束时,我只想将电子邮件输出的格式与表单输入完全相同,换句话说:

I wouldn't eat that
I couldn't eat that

我不确定为什么在撇号以及为什么 \r\n 出现在我的电子邮件中。

I'm having a problem figuring out the logic behind how characters are being escaped when I use the mail() function for PHP. I'm using PHP 5.2, with magic_quotes_qpc ON and runtime/sybase OFF. Here's the problem.

  1. A have a form that takes a text input and I use mysqli_real_escape to escape special characters for use in an SQL statement like such:

    $text = mysqli_real_escape_string($dbc, $_GET['text']);
    
  2. If I type the following comment "I wouldn't eat that!" into the form, I see the following in database - "I wouldn\'t eat that!", which is what I would expect. If I add carriage returns/new lines all I see in the database field in phpMyAdmin is the carriage return and newline with no special characters (i.e. no "\r\n" or anything like that).

  3. When I use the mail function to send a message (i.e. mail($to, $subject, $text, $headers)) I have been getting something weird like this in the email body:

    I wouldn\\\'t eat that\r\nI couldn\\\'t eat that
    

At the end of the day I just want the email output to be formatted exactly like the form input, in other words:

I wouldn't eat that
I couldn't eat that

I'm not sure why there is a triple escape before the apostrophe and why the \r\n is showing up in my email.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

独闯女儿国 2024-11-09 07:28:10

从 MySQL 数据库检索结果时,您需要在输出上使用 stripslashes(),否则由于某种原因,它们仍将包含转义斜杠。

编辑:

然后,您可以执行 $theOutput = str_replace("\\r\\n", "\r\n", $theOutput); 来修复换行符。

When retrieving results from the MySQL database, you need to use stripslashes() on the output or they will still contain the escaping slashes, for some reason.

Edit:

Then, you can do $theOutput = str_replace("\\r\\n", "\r\n", $theOutput); to fix the newlines.

虐人心 2024-11-09 07:28:09

魔术引号很糟糕。不要使用它们。

http://www.php.net/manual/en/security.magicquotes .whynot.php

如果您使用魔术引号 mysqli_real_escape_string,那么这就解释了为什么字符串被双重转义。

$text = mysqli_real_escape_string($dbc, $_GET['text']); // $_GET['text'] is already escaped

...

mail($to, $subject, $text, $headers); // Now $text contains a doubly escaped string

关闭魔术引号(确保您的应用程序可以处理它),并且仅在插入数据库时​​进行转义(如果使用参数化查询,即 PDO 或 mysqli,则无需永远转义!)。

作为最后的手段,您可以尝试在字符串上使用 stripslashes

Magic quotes are bad. Don't use them.

http://www.php.net/manual/en/security.magicquotes.whynot.php

If you're using magic quote and mysqli_real_escape_string, then that explains why the strings are doubly escaped.

$text = mysqli_real_escape_string($dbc, $_GET['text']); // $_GET['text'] is already escaped

...

mail($to, $subject, $text, $headers); // Now $text contains a doubly escaped string

Turn off magic quotes (ensure you're app can handle that) and only escape when inserting into database (if using parameterized queries, i.e., PDO or mysqli, no need to ever escape!).

As a last resort, you can try using stripslashes on the string.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文