Re: when receiving the mail(php mail function), the variable's last value is getting converted to $ or # replacing the digit [message #179767 is a reply to message #179764]
Tue, 04 December 2012 01:39
Jerry Stuckle
On 12/3/2012 6:38 PM, hara(dot)acharya(at)gmail(dot)com wrote:
> On Monday, December 3, 2012 9:44:35 PM UTC+5:30, Jerry Stuckle wrote:
>> On 12/3/2012 3:21 AM, hara(dot)acharya(at)gmail(dot)com wrote:
>>
>>> Below is my code:
>>
>>> But when I receive the mail, I don't get the last two digits in the $post_url.
>>
>>> I tried displaying the same message on the page and it displays $post_url properly.
>>
>>> But when I receive the mail, I get the value of $post_url as www.32minutesforum.com/post_clicked.php?id$.
>>
>>> whereas I should get www.32minutesforum.com/post_clicked.php?id<some number>.
>>
>>> i.e. www.32minutesforum.com/post_clicked.php?id15
>>
>>> Please help!
>>
>>> File:
>>
>>> <?php
>>
>>> include 'connect.php';
>>
>>> include 'header.php';
>>
>>>
>>
>>> echo '<div class="holder_content">';
>>
>>> echo '<section class="group_text">';
>>
>>> echo 'Posted successfully. Check your post <a href="'.$_SESSION['reply_post_id'].'">HERE</a>';
>>
>>>
>>
>>> $post_url = $_SESSION['reply_post_id'];
>>
>>> $to= $_SESSION['post_email'];
>>
>>> $subject="You just got a reply for your post in 32minutesforum.com";
>>
>>> $message='
>>
>>> <html>
>>
>>> <head>
>>
>>> <title>32 Minutes Forum</title>
>>
>>> </head>
>>
>>> <body>
>>
>>> <p>You got a reply for your post title: '. $_SESSION['post_title'].'.</p>
>>
>>> <p>Check your post in:<br/>www.32minutesforum.com/'.$post_url.'.</p>
>>
>>>
>>
>>> <p>Thanks for using 32minutesforum.com.<br/>
>>
>>> Thank you,<br/>
>>
>>> 32minutesforum.com Team.</p>
>>
>>> </body>
>>
>>> </html>';
>>
>>>
>>
>>> $message=stripslashes($message);
>>
>>> //$message = wordwrap($message, 90);
>>
>>> echo '<br/>message:'.$message.'<br/>';
>>
>>> $headers = 'MIME-Version: 1.0' . "\r\n";
>>
>>> $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
>>
>>> $headers .= "Content-Transfer-Encoding: quoted-printable". "\n";
>>
>>> $headers .= 'Reply-To: '.$from_email . "\r\n";
>>
>>> $headers .= 'From: 32 Minutes Forum<'.$from_email.'>' . "\r\n";
>>
>>>
>>
>>> if(mail($to, $subject, $message, $headers))
>>
>>> {
>>
>>> $to=$_SESSION['reply_email'];
>>
>>>
>>
>>> $message='
>>
>>> <html>
>>
>>> <head>
>>
>>> <title>32 Minutes Forum</title>
>>
>>> </head>
>>
>>> <body>
>>
>>> <p>You replied to the post title: '. $_SESSION['post_title'].'.</p>
>>
>>> <p>Please check for updates and further replies in: www.32minutesforum.com/'.htmlentities($post_url).'.</p><br/>
>>
>>>
>>
>>> <p>Thanks for using 32minutesforum.com.<br/>
>>
>>> Thank you,<br/>
>>
>>> 32minutesforum.com Team.</p>
>>
>>> </body>
>>
>>> </html>';
>>
>>>
>>
>>> //$message=stripslashes($message);
>>
>>> $message = wordwrap($message, 90);
>>
>>> echo '<br/>message:'.$message.'<br/>';
>>
>>> $subject="You just replied for a post in 32minutesforum.com";
>>
>>>
>>
>>> $headers = 'MIME-Version: 1.0' . "\r\n";
>>
>>> $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
>>
>>> $headers .= "Content-Transfer-Encoding: quoted-printable". "\n";
>>
>>> $headers .= 'Reply-To: '.$from_email . "\r\n";
>>
>>> $headers .= 'From: 32 Minutes Forum<'.$from_email.'>' . "\r\n";
>>
>>>
>>
>>>
>>
>>>
>>
>>> if(mail($to, $subject, $message, $headers))
>>
>>> {
>>
>>> //header("Location:thank_you.php?a=1");
>>
>>> echo "<br/>A mail has been sent to you and the post creator.";
>>
>>> }
>>
>>> else
>>
>>> {
>>
>>> echo "<br/>Could not Send Mail to you.";
>>
>>> exit;
>>
>>> }
>>
>>> }
>>
>>> else
>>
>>> {
>>
>>> echo "Could not send an intimation to the post owner but both owner and you can always check <a href=".$_SESSION['reply_post_id'].">here </a>for details, replies and updates...";
>>
>>> exit;
>>
>>> }
>>
>>>
>>
>>>
>>
>>> echo '</section></div>';
>>
>>> include 'footer.php';
>>
>>> ?>
>>
>>>
>>
>>
>>
>> Insufficient information. For instance, what's in
>>
>> $_SESSION['reply_post_id'] when you send the email? What's actually in
>>
>> the source of the email you receive?
>>
>>
>>
>> Also, why are you using stripslashes()? Is magic_quotes_gpc() enabled
>>
>> on your system? If so, it should be OFF.
>>
>>
>>
>> BTW - your routine is VERY UNSAFE. It would be very easy for a hacker
>>
>> to use your script to send spam to a lot of people.
>>
>>
>>
> Hi Jerry,
> Thanks for the suggestion.
> I used filtervar in my email string.
> The message as getting displayed on the same page after sending the
> mail is:
> "
> Posted successfully. Check your post HERE
> message:
>
> You got a reply for your post title: Anybody up for a online chess
> game.
>
> Check your post in:
> www.32minutesforum.com/post_clicked.php?id=25.
>
> Thanks for using 32minutesforum.com.
> Thank you,
> 32minutesforum.com Team.
>
>
> message:
>
> You replied to the post title: Anybody up for a online chess game.
>
> Please check for updates and further replies in:
> www.32minutesforum.com/post_clicked.php?id=25.
>
> Thanks for using 32minutesforum.com.
> Thank you,
> 32minutesforum.com Team.
>
>
> A mail has been sent to you and the post creator.
> "
>
> But when I receive the mail in the mail box:
> It appears as below:
> "
> You got a reply for your post title: Anybody up for a online chess
> game.
>
> Check your post in:
> www.32minutesforum.com/post_clicked.php?id%.
>
> Thanks for using 32minutesforum.com.
> Thank you,
> 32minutesforum.com Team.
> "
> I checked in php.ini. Please suggest. Magic_quotes_gpc is off.
> Please also suggest, how do I restrict hackers/spammers.
>
> Regards
>
(Top posting fixed)

OK, if you're not using magic_quotes_gpc, then you shouldn't be using
stripslashes(). Also, if all you have is something like "id32", you
don't need to use htmlentities(). It won't hurt something like "id32",
but it won't help, either.

However, neither of these should cause the problem you're seeing. If
your data and code is as you say, I don't see any reason for it.

But again - *exactly what* is in $_SESSION['reply_post_id']? I really
don't care what your code prints out - what is in the variable? The
easiest way is to echo the value and look at the page source (NOT the
html output!).

The same with the email you've received. If you're looking at the html
version, what's in the email source?

As for being unsafe - maybe it is and you just chose bad names.
Something like $_SESSION['post_email'] to me would mean a value which
came from a field in a POSTed form. Maybe you're meaning the address
you want to send the email to, and it's coming from a profile or
similar. If the latter, then you don't have a problem (other than a
confusing variable name).

P.S. Please don't top post. Thanks.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
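
Added example, not part of the original thread or written by either poster: the quoted script declares `Content-Transfer-Encoding: quoted-printable` but sends the body unencoded, so a mail client reads `=25` as the escape for byte 0x25 (`%`), and likewise `=24` as `$` and `=23` as `#`. The sketch below reproduces that decoding, encodes the body to match the header, and rejects addresses containing CR/LF, which is what lets a mail script be abused to add recipients. The helper names and the `example.com` addresses are constructed for illustration.

```php
<?php
// Added example: assumes PHP 5.3+ (quoted_printable_encode); sample values are constructed.

// What a mail client does with a body labelled quoted-printable but sent raw:
// "=25" is treated as the escape sequence for byte 0x25.
function as_seen_by_client($rawBody) {
    return quoted_printable_decode($rawBody);
}

// Accept only a single, syntactically valid address.
// CR/LF inside an address is how extra headers (Bcc:, more recipients) get injected.
function safe_address($addr) {
    if (preg_match('/[\r\n]/', $addr) || filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    return $addr;
}

// Build the recipient, body and headers for mail() (hypothetical helper).
function build_notification($to, $from, $title, $postUrl) {
    $html = '<html><body>'
          . '<p>You got a reply for your post title: '
          . htmlspecialchars($title, ENT_QUOTES, 'ISO-8859-1') . '.</p>'
          . '<p>Check your post in:<br/>www.32minutesforum.com/'
          . htmlspecialchars($postUrl, ENT_QUOTES, 'ISO-8859-1') . '</p>'
          . '</body></html>';
    $headers = "MIME-Version: 1.0\r\n"
             . "Content-Type: text/html; charset=iso-8859-1\r\n"
             . "Content-Transfer-Encoding: quoted-printable\r\n"
             . 'From: 32 Minutes Forum <' . safe_address($from) . ">\r\n";
    // The header promises quoted-printable, so the body really has to be encoded.
    return array(safe_address($to), quoted_printable_encode($html), $headers);
}

// Raw body under a quoted-printable header: the digits after "=" are consumed.
echo as_seen_by_client('post_clicked.php?id=25'), "\n";

// Encoded body: decoding it the way a client would gives back the intact URL.
list($to, $body, $headers) = build_notification(
    'owner@example.com', 'noreply@example.com',
    'Anybody up for a online chess game', 'post_clicked.php?id=25');
echo quoted_printable_decode($body), "\n";

try {   // constructed input: a second header smuggled into the address field
    build_notification("victim@example.com\r\nBcc: list@example.com",
                       'noreply@example.com', 't', 'u');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The returned values are meant to be passed to `mail($to, $subject, $body, $headers)` with a fixed, script-defined subject; dropping the `Content-Transfer-Encoding` header instead of encoding the body also removes the mismatch.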