[SOLVED] &amp instead of &

I am using a textarea to allow entry of the body of an e-mail message which I am then distibuting to a set of e-mail addresses populated from a database.

The problem I am having is that text entered as & is being changed into &amp. The same thing happens to other special characters I have tried to  but I cant seem to make much headway with things like html_entity_decode. Am I barking up the wrong tree?

post some code, please.  sounds like somewhere within your code, you are running htmlentities() against the variables.  but, can't say for certain when i can't see the code.

Thanks

}else if($_POST[op] =="add") {   
$subject = $_POST[subject];
$body = $_POST[Message];
$body .= "

$row[0]
nb.  This e-mail has been sent from an e-mail address which can not receive replies.
The $header Group E-Mailer";
$to = $row[1];
$headers = 'From: e-mailer@' . "$mailbox\r\n" .
   'X-Mailer: PHP/' . phpversion();
if (mail($to, $subject, $body, $headers)) {
	 $display_block = $Masthead."<p>Message successfully sent! </p>";
	} else {
  		$display_block = $Masthead."<p>Message delivery failed...</p>";
}
}

Here is the bit where I extract the message from the $_POST and create the e-mail

is the textarea a RTE (Rich Text Editor / WYSIWYG Editor)?  or is a plain old <textarea></textarea>?

It is a plain old <textarea></textarea>

try setting the mime type as text/html

If I do that I get

Test $ £ &amp;     

The entered text was

Test $ £ &

i'm at a loss for what it could be without seeing more of your code.

OK here is the whole script

<?php /* Created on: 11/11/2009 */ 
require 'OpenDb.php';
require 'Masthead.php';
}
if ($_POST[op] != "add") {
//haven't seen the form so show it 
//Build display_block	
$display_block = $Masthead.="
<form name = \"email\" method=\"post\" action=\"index.php?page=email\">
<div align=center><h1 ALIGN=\"CENTER\">$header Enter Message Details</h1>
<table border=0>
<tr>
	<td>To</td>
	<td>";

// code for email people here
$sql = "SELECT Pilot_Name FROM tbl_pilot WHERE `e-mail` <>  'maintenance@$mailbox' AND Active =  '1'";
$result = mysql_query($sql, $conn) or die ("Invalid pilot name query");
while ($row = mysql_fetch_array($result)){
$Pilot = $row[Pilot_Name];
$display_block .= "$Pilot <br>";
}
$display_block .= "</td>
</tr>
<tr>
	<td>Subject</td>
	<td colspan=2><input type=\"text\" name=\"Subject\" size=\"110\" maxlength=\"256\">
</td>
</tr>
<tr>
	<td>Message</td>
	<td colspan=2><textarea name=\"Message\" cols=\"83\" rows=\"10\">
	</textarea></td>
<tr>
	<td><input type = \"hidden\" name=\"op\" value=\"add\">
	</td>
</tr>

<TR><TH ALIGN=\"right\">&nbsp</TH>
<td>";
if ($logged['level'] > 1)
   $display_block .= "<input type=\"submit\" name=\"submit\" value=\"Send Message\"</td>";
else
$display_block .= " </td>
</table></div>
</form></div>";
}else if($_POST[op] =="add") {   
$subject = $_POST[subject];
$body = $_POST[Message];
if (!is_null($logged['pilotid']))
{$namesql= "SELECT Pilot_Name FROM tbl_pilot WHERE Pilot_id =". $logged['pilotid'];
echo $namesql;
$result = mysql_query($namesql, $conn) or die ("Invalid pilot name query");
$row = mysql_fetch_row($result);
}
if (is_null($row[0]))
{$row[0]=$admin;
}
$body .= "

$row[0]
nb.  This e-mail has been sent from an e-mail address which can not receive replies.
The $header Group E-Mailer";

$body = stripslashes($body);
$sql = "SELECT `e-mail` FROM tbl_pilot WHERE Pilot_Name =  '$admin' or Active =  '1' and Pilot_Name <>  'Maintenance' ";
$result = mysql_query($sql, $conn) or die ("Invalid pilot e-mail name query");
while ($row = mysql_fetch_array($result)){
$to = $row[e-mail];

$headers = 'From: e-mailer@' . "$mailbox\r\n" .
   'X-Mailer: PHP/' . phpversion();
if (mail($to, $subject, $body, $headers)) {
	 $display_block = $Masthead."<p>Message successfully sent! </p>";
	} else {
  		$display_block = $Masthead."<p>Message delivery failed...</p>";
}
}
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<meta http-equiv="Content-Type" content="text/html" />
<head>
<title><?php echo $header; ?> Group e-mail</title>
<?php echo $icon; ?> 
</head>
<body lang=EN-GB link=#0000FF vlink=#0000FF style='tab-interval:36.0pt' bgproperties="fixed" <?php echo $background; ?> 
<?php echo $display_block; ?> 
</body>
</html>

one thing i noticed right off-hand is that, you do not appear to close your <body tag (unless there is something in $background, but i cannot see where that has been set).  you should really try and validate your website, 'cause as it is, it won't validate.

if you echo out $_POST['message'] to the browser (without sending it via email), do you get the same issue?

If I echo out the $_POST[Message] I get the same result

There is a </body> tag in the html at the botton of the code (mind you I havn't run it through a validator  )

Got it thanks htmlspecialchars_decode() is the answer!