when receiving the mail(php mail function), the variable's last value is getting converted to $ or # replacing the digit
Below is my code:
But when I receive the mail, I don't get the last two digits in the $post_url.
I tried displaying the same message on the page and it displayes $post_url properly.
But when I receive the mail, I get the value of $post_url as www.32minutesforum.com/post_clicked.php?id$.
where as I should get www.32minutesforum.com/post_clicked.php?id<some number>.
i.e. www.32minutesforum.com/post_clicked.php?id15
Please help!
File:
<?php
include 'connect.php';
include 'header.php';
echo '<div class="holder_content">';
echo '<section class="group_text">';
echo 'Posted successfully. Check your post <a href="'.$_SESSION['reply_post_id'].'">HERE</a>';
$post_url = $_SESSION['reply_post_id'];
$to= $_SESSION['post_email'];
$subject="You just got a reply for your post in 32minutesforum.com";
$message='
<html>
<head>
<title>32 Minutes Forum</title>
</head>
<body>
<p>You got a reply for your post title: '. $_SESSION['post_title'].'.</p>
<p>Check your post in:<br/>www.32minutesforum.com/'.$post_url.'.</p>
<p>Thanks for using 32minutesforum.com.<br/>
Thank you,<br/>
32minutesforum.com Team.</p>
</body>
</html>';
$message=stripslashes($message);
//$message = wordwrap($message, 90);
echo '<br/>message:'.$message.'<br/>';
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= "Content-Transfer-Encoding: quoted-printable". "\n";
$headers .= 'Reply-To: '.$from_email.' . "\r\n";
$headers .= 'From: 32 Minutes Forum<'.$from_email.'>' . "\r\n";
if(mail($to, $subject, $message, $headers))
{
$to=$_SESSION['reply_email'];
$message='
<html>
<head>
<title>32 Minutes Forum</title>
</head>
<body>
<p>You replied to the post title: '. $_SESSION['post_title'].'.</p>
<p>Please check for updates and further replies in: www.32minutesforum.com/'.htmlentities($post_url).'.</p><br/>
<p>Thanks for using 32minutesforum.com.<br/>
Thank you,<br/>
32minutesforum.com Team.</p>
</body>
</html>';
//$message=stripslashes($message);
$message = wordwrap($message, 90);
echo '<br/>message:'.$message.'<br/>';
$subject="You just replied for a post in 32minutesforum.com";
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= "Content-Transfer-Encoding: quoted-printable". "\n";
$headers .= 'Reply-To: '.$from_email.' . "\r\n";
$headers .= 'From: 32 Minutes Forum<'.$from_email.'>' . "\r\n";
if(mail($to, $subject, $message, $headers))
{
//header("Location:thank_you.php?a=1");
echo "<br/>A mail has been sent to you and the post creator.";
}
else
{
echo "<br/>Could not Send Mail to you.";
exit;
}
}
else
{
echo "Could not send an intimation to the post owner but both owner and you can always check <a href=".$_SESSION['reply_post_id'].">here </a>for details, replies and updates...";
exit;
}
echo '</section></div>';
include 'footer.php';
?>
hara.acharya
comp.lang.php
32646 articles. 
0 followers.
5 Replies
4148 Views
Similar ArticlesOn 12/3/2012 3:21 AM, hara.acharya@gmail.com wrote:
> Below is my code:
> But when I receive the mail, I don't get the last two digits in the $post_url.
> I tried displaying the same message on the page and it displayes $post_url properly.
> But when I receive the mail, I get the value of $post_url as www.32minutesforum.com/post_clicked.php?id$.
> where as I should get www.32minutesforum.com/post_clicked.php?id<some number>.
> i.e. www.32minutesforum.com/post_clicked.php?id15
> Please help!
> File:
> <?php
> include 'connect.php';
> include 'header.php';
>
> echo '<div class="holder_content">';
> echo '<section class="group_text">';
> echo 'Posted successfully. Check your post <a href="'.$_SESSION['reply_post_id'].'">HERE</a>';
>
> $post_url = $_SESSION['reply_post_id'];
> $to= $_SESSION['post_email'];
> $subject="You just got a reply for your post in 32minutesforum.com";
> $message='
> <html>
> <head>
> <title>32 Minutes Forum</title>
> </head>
> <body>
> <p>You got a reply for your post title: '. $_SESSION['post_title'].'.</p>
> <p>Check your post in:<br/>www.32minutesforum.com/'.$post_url.'.</p>
>
> <p>Thanks for using 32minutesforum.com.<br/>
> Thank you,<br/>
> 32minutesforum.com Team.</p>
> </body>
> </html>';
>
> $message=stripslashes($message);
> //$message = wordwrap($message, 90);
> echo '<br/>message:'.$message.'<br/>';
> $headers = 'MIME-Version: 1.0' . "\r\n";
> $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
> $headers .= "Content-Transfer-Encoding: quoted-printable". "\n";
> $headers .= 'Reply-To: '.$from_email.' . "\r\n";
> $headers .= 'From: 32 Minutes Forum<'.$from_email.'>' . "\r\n";
>
> if(mail($to, $subject, $message, $headers))
> {
> $to=$_SESSION['reply_email'];
>
> $message='
> <html>
> <head>
> <title>32 Minutes Forum</title>
> </head>
> <body>
> <p>You replied to the post title: '. $_SESSION['post_title'].'.</p>
> <p>Please check for updates and further replies in: www.32minutesforum.com/'.htmlentities($post_url).'.</p><br/>
>
> <p>Thanks for using 32minutesforum.com.<br/>
> Thank you,<br/>
> 32minutesforum.com Team.</p>
> </body>
> </html>';
>
> //$message=stripslashes($message);
> $message = wordwrap($message, 90);
> echo '<br/>message:'.$message.'<br/>';
> $subject="You just replied for a post in 32minutesforum.com";
>
> $headers = 'MIME-Version: 1.0' . "\r\n";
> $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
> $headers .= "Content-Transfer-Encoding: quoted-printable". "\n";
> $headers .= 'Reply-To: '.$from_email.' . "\r\n";
> $headers .= 'From: 32 Minutes Forum<'.$from_email.'>' . "\r\n";
>
>
>
> if(mail($to, $subject, $message, $headers))
> {
> //header("Location:thank_you.php?a=1");
> echo "<br/>A mail has been sent to you and the post creator.";
> }
> else
> {
> echo "<br/>Could not Send Mail to you.";
> exit;
> }
> }
> else
> {
> echo "Could not send an intimation to the post owner but both owner and you can always check <a href=".$_SESSION['reply_post_id'].">here </a>for details, replies and updates...";
> exit;
> }
>
>
> echo '</section></div>';
> include 'footer.php';
> ?>
>
Insufficient information. For instance, what's in
$_SESSION['reply_post_id'] when you send the email? What's actually in
the source of the email you receive?
Also, why are you using stripslashes()? Is magic_quotes_gpc() enabled
on your system? If so, it should be OFF.
BTW - your routine is VERY UNSAFE. It would be very easy for a hacker
to use your script to send spam to a lot of people.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
jstucklexHi Jerry,
Thanks for the suggestion.
I used filtervar in my email string.
The message as getting displayed on tha same page after sending the mail is:
"
Posted successfully. Check your post HERE
message:
You got a reply for your post title: Anybody up for a online chess game.
Check your post in:
www.32minutesforum.com/post_clicked.php?id=25.
Thanks for using 32minutesforum.com.
Thank you,
32minutesforum.com Team.
message:
You replied to the post title: Anybody up for a online chess game.
Please check for updates and further replies in: www.32minutesforum.com/post_clicked.php?id=25.
Thanks for using 32minutesforum.com.
Thank you,
32minutesforum.com Team.
A mail has been sent to you and the post creator.
"
But when I receive the mail in the mail box:
It appears as below:
"
You got a reply for your post title: Anybody up for a online chess game.
Check your post in:
www.32minutesforum.com/post_clicked.php?id%.
Thanks for using 32minutesforum.com.
Thank you,
32minutesforum.com Team.
"
I checked in php.ini. Please suggest. Magic_quotes_gpc is off.
Please also suggest, how do I restrict hackers/spammers.
Regards
On Monday, December 3, 2012 9:44:35 PM UTC+5:30, Jerry Stuckle wrote:
> On 12/3/2012 3:21 AM, hara.acharya@gmail.com wrote:
>
> > Below is my code:
>
> > But when I receive the mail, I don't get the last two digits in the $post_url.
>
> > I tried displaying the same message on the page and it displayes $post_url properly.
>
> > But when I receive the mail, I get the value of $post_url as www.32minutesforum.com/post_clicked.php?id$.
>
> > where as I should get www.32minutesforum.com/post_clicked.php?id<some number>.
>
> > i.e. www.32minutesforum.com/post_clicked.php?id15
>
> > Please help!
>
> > File:
>
> > <?php
>
> > include 'connect.php';
>
> > include 'header.php';
>
> >
>
> > echo '<div class="holder_content">';
>
> > echo '<section class="group_text">';
>
> > echo 'Posted successfully. Check your post <a href="'.$_SESSION['reply_post_id'].'">HERE</a>';
>
> >
>
> > $post_url = $_SESSION['reply_post_id'];
>
> > $to= $_SESSION['post_email'];
>
> > $subject="You just got a reply for your post in 32minutesforum.com";
>
> > $message='
>
> > <html>
>
> > <head>
>
> > <title>32 Minutes Forum</title>
>
> > </head>
>
> > <body>
>
> > <p>You got a reply for your post title: '. $_SESSION['post_title'].'.</p>
>
> > <p>Check your post in:<br/>www.32minutesforum.com/'.$post_url.'.</p>
>
> >
>
> > <p>Thanks for using 32minutesforum.com.<br/>
>
> > Thank you,<br/>
>
> > 32minutesforum.com Team.</p>
>
> > </body>
>
> > </html>';
>
> >
>
> > $message=stripslashes($message);
>
> > //$message = wordwrap($message, 90);
>
> > echo '<br/>message:'.$message.'<br/>';
>
> > $headers = 'MIME-Version: 1.0' . "\r\n";
>
> > $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
>
> > $headers .= "Content-Transfer-Encoding: quoted-printable". "\n";
>
> > $headers .= 'Reply-To: '.$from_email.' . "\r\n";
>
> > $headers .= 'From: 32 Minutes Forum<'.$from_email.'>' . "\r\n";
>
> >
>
> > if(mail($to, $subject, $message, $headers))
>
> > {
>
> > $to=$_SESSION['reply_email'];
>
> >
>
> > $message='
>
> > <html>
>
> > <head>
>
> > <title>32 Minutes Forum</title>
>
> > </head>
>
> > <body>
>
> > <p>You replied to the post title: '. $_SESSION['post_title'].'.</p>
>
> > <p>Please check for updates and further replies in: www.32minutesforum.com/'.htmlentities($post_url).'.</p><br/>
>
> >
>
> > <p>Thanks for using 32minutesforum.com.<br/>
>
> > Thank you,<br/>
>
> > 32minutesforum.com Team.</p>
>
> > </body>
>
> > </html>';
>
> >
>
> > //$message=stripslashes($message);
>
> > $message = wordwrap($message, 90);
>
> > echo '<br/>message:'.$message.'<br/>';
>
> > $subject="You just replied for a post in 32minutesforum.com";
>
> >
>
> > $headers = 'MIME-Version: 1.0' . "\r\n";
>
> > $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
>
> > $headers .= "Content-Transfer-Encoding: quoted-printable". "\n";
>
> > $headers .= 'Reply-To: '.$from_email.' . "\r\n";
>
> > $headers .= 'From: 32 Minutes Forum<'.$from_email.'>' . "\r\n";
>
> >
>
> >
>
> >
>
> > if(mail($to, $subject, $message, $headers))
>
> > {
>
> > //header("Location:thank_you.php?a=1");
>
> > echo "<br/>A mail has been sent to you and the post creator.";
>
> > }
>
> > else
>
> > {
>
> > echo "<br/>Could not Send Mail to you.";
>
> > exit;
>
> > }
>
> > }
>
> > else
>
> > {
>
> > echo "Could not send an intimation to the post owner but both owner and you can always check <a href=".$_SESSION['reply_post_id'].">here </a>for details, replies and updates...";
>
> > exit;
>
> > }
>
> >
>
> >
>
> > echo '</section></div>';
>
> > include 'footer.php';
>
> > ?>
>
> >
>
>
>
> Insufficient information. For instance, what's in
>
> $_SESSION['reply_post_id'] when you send the email? What's actually in
>
> the source of the email you receive?
>
>
>
> Also, why are you using stripslashes()? Is magic_quotes_gpc() enabled
>
> on your system? If so, it should be OFF.
>
>
>
> BTW - your routine is VERY UNSAFE. It would be very easy for a hacker
>
> to use your script to send spam to a lot of people.
>
>
>
> --
>
> ==================
>
> Remove the "x" from my email address
>
> Jerry Stuckle
>
> JDS Computer Training Corp.
>
> jstucklex@attglobal.net
>
> ==================
On 12/3/2012 6:38 PM, hara.acharya@gmail.com wrote:
> On Monday, December 3, 2012 9:44:35 PM UTC+5:30, Jerry Stuckle wrote:
>> On 12/3/2012 3:21 AM, hara.acharya@gmail.com wrote:
>>
>>> Below is my code:
>>
>>> But when I receive the mail, I don't get the last two digits in the $post_url.
>>
>>> I tried displaying the same message on the page and it displayes $post_url properly.
>>
>>> But when I receive the mail, I get the value of $post_url as www.32minutesforum.com/post_clicked.php?id$.
>>
>>> where as I should get www.32minutesforum.com/post_clicked.php?id<some number>.
>>
>>> i.e. www.32minutesforum.com/post_clicked.php?id15
>>
>>> Please help!
>>
>>> File:
>>
>>> <?php
>>
>>> include 'connect.php';
>>
>>> include 'header.php';
>>
>>>
>>
>>> echo '<div class="holder_content">';
>>
>>> echo '<section class="group_text">';
>>
>>> echo 'Posted successfully. Check your post <a href="'.$_SESSION['reply_post_id'].'">HERE</a>';
>>
>>>
>>
>>> $post_url = $_SESSION['reply_post_id'];
>>
>>> $to= $_SESSION['post_email'];
>>
>>> $subject="You just got a reply for your post in 32minutesforum.com";
>>
>>> $message='
>>
>>> <html>
>>
>>> <head>
>>
>>> <title>32 Minutes Forum</title>
>>
>>> </head>
>>
>>> <body>
>>
>>> <p>You got a reply for your post title: '. $_SESSION['post_title'].'.</p>
>>
>>> <p>Check your post in:<br/>www.32minutesforum.com/'.$post_url.'.</p>
>>
>>>
>>
>>> <p>Thanks for using 32minutesforum.com.<br/>
>>
>>> Thank you,<br/>
>>
>>> 32minutesforum.com Team.</p>
>>
>>> </body>
>>
>>> </html>';
>>
>>>
>>
>>> $message=stripslashes($message);
>>
>>> //$message = wordwrap($message, 90);
>>
>>> echo '<br/>message:'.$message.'<br/>';
>>
>>> $headers = 'MIME-Version: 1.0' . "\r\n";
>>
>>> $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
>>
>>> $headers .= "Content-Transfer-Encoding: quoted-printable". "\n";
>>
>>> $headers .= 'Reply-To: '.$from_email.' . "\r\n";
>>
>>> $headers .= 'From: 32 Minutes Forum<'.$from_email.'>' . "\r\n";
>>
>>>
>>
>>> if(mail($to, $subject, $message, $headers))
>>
>>> {
>>
>>> $to=$_SESSION['reply_email'];
>>
>>>
>>
>>> $message='
>>
>>> <html>
>>
>>> <head>
>>
>>> <title>32 Minutes Forum</title>
>>
>>> </head>
>>
>>> <body>
>>
>>> <p>You replied to the post title: '. $_SESSION['post_title'].'.</p>
>>
>>> <p>Please check for updates and further replies in: www.32minutesforum.com/'.htmlentities($post_url).'.</p><br/>
>>
>>>
>>
>>> <p>Thanks for using 32minutesforum.com.<br/>
>>
>>> Thank you,<br/>
>>
>>> 32minutesforum.com Team.</p>
>>
>>> </body>
>>
>>> </html>';
>>
>>>
>>
>>> //$message=stripslashes($message);
>>
>>> $message = wordwrap($message, 90);
>>
>>> echo '<br/>message:'.$message.'<br/>';
>>
>>> $subject="You just replied for a post in 32minutesforum.com";
>>
>>>
>>
>>> $headers = 'MIME-Version: 1.0' . "\r\n";
>>
>>> $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
>>
>>> $headers .= "Content-Transfer-Encoding: quoted-printable". "\n";
>>
>>> $headers .= 'Reply-To: '.$from_email.' . "\r\n";
>>
>>> $headers .= 'From: 32 Minutes Forum<'.$from_email.'>' . "\r\n";
>>
>>>
>>
>>>
>>
>>>
>>
>>> if(mail($to, $subject, $message, $headers))
>>
>>> {
>>
>>> //header("Location:thank_you.php?a=1");
>>
>>> echo "<br/>A mail has been sent to you and the post creator.";
>>
>>> }
>>
>>> else
>>
>>> {
>>
>>> echo "<br/>Could not Send Mail to you.";
>>
>>> exit;
>>
>>> }
>>
>>> }
>>
>>> else
>>
>>> {
>>
>>> echo "Could not send an intimation to the post owner but both owner and you can always check <a href=".$_SESSION['reply_post_id'].">here </a>for details, replies and updates...";
>>
>>> exit;
>>
>>> }
>>
>>>
>>
>>>
>>
>>> echo '</section></div>';
>>
>>> include 'footer.php';
>>
>>> ?>
>>
>>>
>>
>>
>>
>> Insufficient information. For instance, what's in
>>
>> $_SESSION['reply_post_id'] when you send the email? What's actually in
>>
>> the source of the email you receive?
>>
>>
>>
>> Also, why are you using stripslashes()? Is magic_quotes_gpc() enabled
>>
>> on your system? If so, it should be OFF.
>>
>>
>>
>> BTW - your routine is VERY UNSAFE. It would be very easy for a hacker
>>
>> to use your script to send spam to a lot of people.
>>
>>
>>
> Hi Jerry,
> Thanks for the suggestion.
> I used filtervar in my email string.
> The message as getting displayed on tha same page after sending the
> mail is:
> "
> Posted successfully. Check your post HERE
> message:
>
> You got a reply for your post title: Anybody up for a online chess
> game.
>
> Check your post in:
> www.32minutesforum.com/post_clicked.php?id=25.
>
> Thanks for using 32minutesforum.com.
> Thank you,
> 32minutesforum.com Team.
>
>
> message:
>
> You replied to the post title: Anybody up for a online chess game.
>
> Please check for updates and further replies in:
> www.32minutesforum.com/post_clicked.php?id=25.
>
> Thanks for using 32minutesforum.com.
> Thank you,
> 32minutesforum.com Team.
>
>
> A mail has been sent to you and the post creator.
> "
>
> But when I receive the mail in the mail box:
> It appears as below:
> "
> You got a reply for your post title: Anybody up for a online chess
> game.
>
> Check your post in:
> www.32minutesforum.com/post_clicked.php?id%.
>
> Thanks for using 32minutesforum.com.
> Thank you,
> 32minutesforum.com Team.
> "
> I checked in php.ini. Please suggest. Magic_quotes_gpc is off.
> Please also suggest, how do I restrict hackers/spammers.
>
> Regards
>
(Top posting fixed)
OK, if you're not using magic_quotes_gpc, then you shouldn't be using
stripslashes(). Also, if all you have is something like "id32", you
don't need to use htmlentities(). It won't hurt something like "id32",
but it won't help, either.
However, neither of these should cause the problem you're seeing. If
your data and code is as you say, I don't see any reason for it.
But again - *exactly what* is in $_SESSION['reply_post_id']? I really
don't care what your code prints out - what is in the variable? The
easiest way is to echo the value and look at the page source (NOT the
html output!).
The same with the email you've received. If you're looking at the html
version, what's in the email source?
As for being unsafe - maybe it is and you just chose bad names.
Something like $_SESSION['post_email'] to me would mean a value which
came from a field in a POSTed form. Maybe you're meaning the address
you want to send the email to, and it's coming from a profile or
similar. If the latter, then you don't have a problem (other than a
confusing variable name).
P.S. Please don't top post. Thanks.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
On 03/12/12 06:38 PM, hara.acharya@gmail.com wrote: > The message as getting displayed on tha same page after sending the mail is: > " > Posted successfully. Check your post HERE > message: > > You got a reply for your post title: Anybody up for a online chess game. > > Check your post in: > www.32minutesforum.com/post_clicked.php?id=25. [snip] > But when I receive the mail in the mail box: > It appears as below: > " > You got a reply for your post title: Anybody up for a online chess game. > > Check your post in: > www.32minutesforum.com/post_clicked.php?id%. It looks like you are sending the e-mail with the "Content-Transfer-Encoding: quoted-printable" header set but you haven't suitably encoded the content. Either drop the quoted printable header from your e-mail or properly encode the body! Quoted printable encoding treats an equal sign as an escape character followed by two hexadecimal digits for the ASCII code of a character. So it is the quoted printable encoding (not PHP!) that's changing =25 at the end of your URL to the % character in the mail. At a minimum, you'll need to encode the equals sign as =3D in the e-mail (i.e., "post_clicked.php?id=3D25") -or- drop the quoted printable header from the e-mail. Better yet would be to run your entire e-mail message body through PHP's quoted_printable_encode function. Really, though, it's not a PHP problem but a mismatch between your mail headers specifying the quoted printable encoding and your body not actually being encoded.
jpstewart1Hi John-Paul, Thanks a lot for this. I broke my head a lot into this. I tried using quoted_printable_encode but its showing undefined function even though I have php 5.3.8. But I renoved the "quoted-printable encoding" from header and it worked. Thanks a lot On Tuesday, December 4, 2012 11:50:41 PM UTC+5:30, John-Paul Stewart wrote: > On 03/12/12 06:38 PM, hara.acharya@gmail.com wrote: > > > The message as getting displayed on tha same page after sending the mail is: > > > " > > > Posted successfully. Check your post HERE > > > message: > > > > > > You got a reply for your post title: Anybody up for a online chess game. > > > > > > Check your post in: > > > www.32minutesforum.com/post_clicked.php?id=25. > > [snip] > > > But when I receive the mail in the mail box: > > > It appears as below: > > > " > > > You got a reply for your post title: Anybody up for a online chess game. > > > > > > Check your post in: > > > www.32minutesforum.com/post_clicked.php?id%. > > > > It looks like you are sending the e-mail with the > > "Content-Transfer-Encoding: quoted-printable" header set but you haven't > > suitably encoded the content. Either drop the quoted printable header > > from your e-mail or properly encode the body! > > > > Quoted printable encoding treats an equal sign as an escape character > > followed by two hexadecimal digits for the ASCII code of a character. > > So it is the quoted printable encoding (not PHP!) that's changing =25 at > > the end of your URL to the % character in the mail. > > > > At a minimum, you'll need to encode the equals sign as =3D in the e-mail > > (i.e., "post_clicked.php?id=3D25") -or- drop the quoted printable header > > from the e-mail. Better yet would be to run your entire e-mail message > > body through PHP's quoted_printable_encode function. > > > > Really, though, it's not a PHP problem but a mismatch between your mail > > headers specifying the quoted printable encoding and your body not > > actually being encoded.