
converting special characters in forms


Bottyz


Hi all,

 

 

I've been running a basic contact us form using a textarea for users to send us enquiries for a few months now. We have a few foreign users that use special accented characters like umlauts etc., which are common to lots of languages other than English. When the PHP script processes the data and sends it in an HTML-based email, it screws up the symbols and sends a load of rubbish where they should be.

 

I have been trying out a few variations of script but cannot get any to display correctly.

 

Old script:

 

function previous_request_value($str) {
		if (isset($_REQUEST[$str]) )
		return $_REQUEST[$str];
		else
		return '';
	}

	function cndstrips($str) {
		if (get_magic_quotes_gpc())
		return stripslashes($str);
		else
		return $str;
	}

	$visitor_email=cndstrips(trim(previous_request_value('visitor_email')));
	$visitor_name=cndstrips(trim(previous_request_value('visitor_name')));
	$visitor_companyname=cndstrips(trim(previous_request_value('visitor_companyname')));
	$message_body=cndstrips(trim(previous_request_value('message_body')));
	$message_telephone=cndstrips(trim(previous_request_value('message_telephone')));
	$msg_subject=cndstrips(trim(previous_request_value('msg_subject')));

 

Current version (my attempt at editing the code to convert special chars, which still doesn't work correctly):

 

	function previous_request_value($str) {
		if (isset($_REQUEST[$str]) )
		return $_REQUEST[$str];
		else
		return '';
	}

	function cndstrips($str) {
			if (get_magic_quotes_gpc()) {                           
				$str = htmlspecialchars(stripslashes($str), ENT_QUOTES);
			} else {
				$str = htmlspecialchars($str, ENT_QUOTES);
			}
			preg_replace('/&(?![A-Za-z0-9#]{1,7};)/','&',$str);
			return $str;
	}

	$visitor_email=cndstrips(trim(previous_request_value('visitor_email')));
	$visitor_name=cndstrips(trim(previous_request_value('visitor_name')));
	$visitor_companyname=cndstrips(trim(previous_request_value('visitor_companyname')));
	$message_body=cndstrips(trim(previous_request_value('message_body')));
	$message_telephone=cndstrips(trim(previous_request_value('message_telephone')));
	$msg_subject=cndstrips(trim(previous_request_value('msg_subject')));

 

Any ideas where I'm going wrong?

 

Plus, another slightly annoying feature is that if a user enters HTML entities as &amp;amp; instead of just &amp;, it double-encodes it to &amp;amp;amp;. I have tried to use htmlspecialchars_decode first, but it crashes the whole script.

 

I'd appreciate any help available. Thanks.


You probably don't want htmlspecialchars() and you probably want to set an email header as: Content-Type: text/plain; charset="UTF-8", and the HTML page with the form should be UTF-8 as well.

 

Hi AbraCadaver,

 

 

I put the information from the form into an HTML-based email, so if I change the header to text/plain as you stated, won't this screw up my email?

 

My current header reads as below:

 

	$headers .= "MIME-Version: 1.0\r\n";
	$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

 

 


That was just an example:  Content-Type: text/html; charset=UTF-8

 

I have changed the email header to convert to the UTF-8 charset as you suggested, which helped but didn't solve the problem.

 

I have however modified the input screening script a few more times since then and the following seems to work:

 

	function cndstrips($str) {
		if (get_magic_quotes_gpc()) {                        
		return htmlentities(utf8_decode(html_entity_decode(stripslashes($str))));
		} else {
		return htmlentities(utf8_decode(html_entity_decode($str)));
		}
	}

 

Am I over-encoding/decoding the inputs using the above? Or does anyone see any possible issues regarding XSS or hack attempts with the above? I've done some research but my knowledge in that area is still limited.

 

Thanks for the pointers so far!
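
One way to keep the fields in UTF-8 end to end and escape them exactly once for the HTML email body, as an added example that is not code from either poster. It assumes PHP 7 or later (where magic quotes no longer exist), the mbstring extension, and hypothetical helper names (form_text, html_text, header_text).

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+, a UTF-8 form page,
// and hypothetical helper names (form_text, html_text, header_text).
mb_internal_encoding('UTF-8');

// Return the field as trimmed, valid UTF-8; '' if missing or not a string.
function form_text(array $src, string $key): string {
    $v = $src[$key] ?? '';
    if (!is_string($v)) {
        return '';
    }
    // Re-encoding UTF-8 to UTF-8 swaps invalid byte sequences for '?'.
    return trim(mb_convert_encoding($v, 'UTF-8', 'UTF-8'));
}

// Escape once, where the value enters the HTML body. Accented characters
// stay as UTF-8; only & < > " ' become entities.
function html_text(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Header values must stay on one line, so collapse any CR/LF to a space.
function header_text(string $s): string {
    return preg_replace('/[\r\n]+/', ' ', $s);
}

// Constructed sample submission.
$post = [
    'visitor_name' => "  J\u{00FC}rgen M\u{00FC}ller ",
    'msg_subject'  => "Frage zur Gr\u{00F6}\u{00DF}e\r\n(dringend)",
    'message_body' => "Gr\u{00F6}\u{00DF}e <b>40</b> & 42\nDanke",
];

$name    = form_text($post, 'visitor_name');
$subject = header_text(form_text($post, 'msg_subject'));
$body    = form_text($post, 'message_body');

$headers  = "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=UTF-8\r\n";

$html = '<p>From: ' . html_text($name) . '</p>'
      . '<p>' . nl2br(html_text($body)) . '</p>';

// Non-ASCII subjects are sent as RFC 2047 encoded words.
$encodedSubject = mb_encode_mimeheader($subject, 'UTF-8', 'B');

echo $html, "\n", $encodedSubject, "\n";
// mail($to, $encodedSubject, $html, $headers); // $to: the site's own inbox
```

The form page itself has to be served as UTF-8 for the submitted bytes to match the charset declared in the email header.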
