Posted by J. W. Doe on 06/18/05 19:32
On my website, I am using a PHP contact form that I found somewhere on
the web many years ago. I didn't write it myself, and I know very
little about PHP.
The form works great, except that slashes for escaping single and
double quotes are not being stripped out. I did some Googling and
found that the "stripslashes" function needs to be used, but when I
check the script, it looks like it's already using stripslashes. At
this point I'm stumped. I'd love it if someone could take a look at the
script and let me know why slashes aren't being stripped out.
<?
$msg = stripslashes($_POST[message]);
$recipient = "jwdoe@nomail.com";
$subject = "$_POST[subject]";
$mailheaders = "From: $_POST[name] <$_POST[email]> \n";
$mailheaders .= "Reply-To: $_POST[email]";
if (!isset($name) || !isset($email) || !isset($subject) || !isset($message)) {
    header( "Location: contact.php" );
}
elseif (empty($name) || empty($email) || empty($subject) || empty($message)) {
    header( "Location: contact.php?msg=1" );
}
else {
    mail($recipient, $subject, $msg, $mailheaders);
    header( "Location: contact.php" );
    if (isset($cc)) {
        mail( "$email", "$subject (CC: from J. W. Doe's Site)", $message,
            "From: jwdoe@nomail.com" );
    }
    header( "Location: contact.php?msg=2" );
}
?>
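The script in the post strips slashes only from the message field; the subject and the CC copy use the raw values, and the name and e-mail address go into the mail headers unchecked. As an added example (not part of the original post), one way to clean every field in one place before calling mail(). The names clean_field and build_message and the $quoted flag are hypothetical, and the sample input is constructed.

```php
<?php
// Added example, not the poster's script. $quoted stands for "magic_quotes_gpc
// is on", the setting that inserts the backslashes in the first place.

// Undo the escaping on one field; header fields must not contain CR or LF.
function clean_field($value, $quoted, $is_header)
{
    $value = trim($quoted ? stripslashes($value) : $value);
    if ($is_header && preg_match('/[\r\n]/', $value)) {
        return null; // a line break here would start a new mail header
    }
    return $value;
}

// Returns the cleaned fields plus mail headers, or null if the form is invalid.
function build_message(array $post, $quoted)
{
    $out = array();
    foreach (array('name', 'email', 'subject', 'message') as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return null;
        }
        $out[$key] = clean_field($post[$key], $quoted, $key !== 'message');
        if ($out[$key] === null || $out[$key] === '') {
            return null;
        }
    }
    if (filter_var($out['email'], FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Keep the display name from breaking out of its quoted string.
    $name = str_replace(array('"', '\\', '<', '>'), '', $out['name']);
    $out['headers'] = 'From: "' . $name . '" <' . $out['email'] . ">\r\n"
                    . 'Reply-To: ' . $out['email'];
    return $out;
}

// Constructed input, as PHP delivers it with magic_quotes_gpc enabled.
$good = build_message(array(
    'name'    => 'Pat O\\\'Neil',
    'email'   => 'pat@example.com',
    'subject' => 'It\\\'s \\"quoted\\"',
    'message' => 'Don\\\'t keep the slashes.',
), true);
echo $good['subject'], "\n", $good['message'], "\n";

// Constructed input with a line break in a header field: rejected.
$bad = build_message(array(
    'name' => 'Pat', 'email' => 'pat@example.com',
    'subject' => "Hello\r\nX-Test: 1", 'message' => 'Hi',
), true);
var_dump($bad === null);
```

The cleaned subject, message and headers are what would be passed to mail(), for the CC copy as well as for the main message.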