Re: Retrieving special characters



"Larry" <noway@xxxxxxxx> wrote in message
news:V0tWf.18925$%d.8259@xxxxxxxxxxxxxxxxxxxxxxx
In article <YhqWf.216$5g7.95@xxxxxxxxxxxxxxxxxxxxxxx>, "Kimmo Laine"
<spam@xxxxxxxxxxxxx> wrote:
"Larry" <noway@xxxxxxxx> wrote in message
news:tynWf.16641$w86.1083@xxxxxxxxxxxxxxxxxxxxxxx
OK, I've been searching around the net for numerous hours and seem to just
be getting more confused about handling special characters.

In my host's configuration MagicQuotes is ON. (I understand this is
considered a bad thing by many)

A user submitted an email in the form 'Bob Smith' <bob@xxxxxxxxxx>
Now when I look in the MySQL database (via phpMyAdmin) it's exactly that,
but when I try to retrieve it with a standard query, it echoes or prints as
Bob Smith. I have the same problem with a store name containing a single
apostrophe. Obviously the single quote is stopping it, but how do I get
past that?


In HTML <bob@xxxxxxxxxx> will be considered as a tag, nonsense tag since
it's not really a tag but the <> make html think it is, therefore it's
hidden. To fix it, special chars need to be converted to a format where html
does not consider them as control characters such as tag delimiters. There
is a function that does this conversion called htmlspecialchars.

Try something like:
echo htmlspecialchars("'Bob Smith' <bob@xxxxxxxxxx>");

http://php.net/htmlspecialchars


Actually I am placing the value into a hidden form field that's then
emailed via a formmail program.

echo("<input type='hidden' name='my_email' value='$email'>");


Please please please consider an alternative solution! Form mail scripts
like that are very potential spam relays, especially the Formmail from Matt's
Script Archive is the most classic exploited script. Do yourself and
everyone else a favor and study a bit how such solutions get exploited.
Basically spammers replace the value with another email address and send their
own shit using your script.

http://www.google.com/search?hl=en&q=formmail+spam+relay+exploit&btnG=Google+Search
http://rickconner.net/spamweb/spam_formmail.html

--
"I'm not a bad person, but apples are my livelihood." -Perttu Sirviö
spam@xxxxxxxxxxxxx | Gedoon-S @ IRCnet | rot13(xvzzb@xxxxxxxxxxxxx)
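
An added example, not part of the original posts: the two points raised in this thread, escaping a value before it goes into a hidden field's attribute and keeping the mail recipient out of the form. The helper names (attr, hidden_field, recipient_for), the recipient keys and the example.com addresses are assumptions made for illustration.

```php
<?php
// Constructed sample value, in the shape described in the thread.
$email = "'Bob Smith' <bob@example.com>";

// In the thread's markup, value='$email', the first ' inside $email closes
// the attribute, so the rest of the value never reaches the form handler.

// Escape text for use inside an HTML attribute. ENT_QUOTES converts both
// " and ', so the value cannot end the attribute whichever quote style the
// markup uses. (Before PHP 8.1 the default flags left ' unconverted.)
function attr($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Hypothetical helper: build a hidden field with every dynamic part escaped.
function hidden_field($name, $value)
{
    return '<input type="hidden" name="' . attr($name)
         . '" value="' . attr($value) . '">';
}

// Hypothetical allowlist: the form submits a short key, and the address is
// looked up on the server. A recipient address is never read from the form,
// so a changed form value cannot redirect the mail.
$recipients = [
    'sales'   => 'sales@example.com',
    'support' => 'support@example.com',
];

// Return the fixed address for a key, or null when the key is unknown.
function recipient_for($key, array $recipients)
{
    return is_string($key) && isset($recipients[$key]) ? $recipients[$key] : null;
}

echo hidden_field('my_email', $email), "\n";

// The browser decodes the entities when it submits the form, so the handler
// receives the original text; html_entity_decode stands in for that step.
var_dump(html_entity_decode(attr($email), ENT_QUOTES, 'UTF-8') === $email);

// A known key maps to its fixed address; anything else is refused.
var_dump(recipient_for('sales', $recipients));
var_dump(recipient_for('someone@example.net', $recipients));
```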

