可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效，请关闭广告屏蔽插件后再试):

问题:

I'm trying to write an html mail sender but I have a problem, it shows slashes.

Part of my code:

<?php
$sender = $_REQUEST["sender"];
$to = $_REQUEST["to"];
$html = $_REQUEST["html"];
$send = $_REQUEST["send"];

$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=' . $ce . "\r\n";

$headers .= 'To: ' . $to . "\r\n";
$headers .= 'From: ' . $sender . "\r\n";

mail($to, $title, $html, $headers);

?>

    <form action="html.php" method="post">
        Sender: <input type="text" name="sender" value="sender@example.com">
        HTML content: <textarea cols="40" rows="5" name="html"></textarea>
        <input type="submit" value="Send">
    </form>

When I type an html code to the textare and send it to gmail, it show weird slashes. What mistake I'm making here?

回答1:

Sounds like Magic Quotes are enabled: http://www.php.net/manual/en/security.magicquotes.php

Either disable Magic Quotes or do this:

$html = stripslashes($_REQUEST["html"]);

Also, if your script uses a from and to address from the form submission, you WILL be found by spammers who will send thousands of emails through your server until you are blocked by every spam blocker on the internet. You need to lock that down.

Any information you add to the mail header from a submission can be compromised, see this for more information: http://www.phpsecure.info/v2/article/MailHeadersInject.en.php

回答2:

Try using php functions to convert html. There are quite a few. You might need to encode, decode.

$html = htmlspecialchars($_REQUEST["html"]);

回答3:

Your PHP Settings are wrong, there's a setting like magic_quotes or someting, you have to disable this.

回答4:

this procedure worked for me:

$mail_message; //actual email message u want to send.
$message = str_replace("\\n","<br/>",(stripslashes($mail_message)));
$message = str_replace("\\r","<br/>",$message);

回答5:

I fixed this by passing the text through stripslashes();

It's not (or no longer, anyway) caused by magic_quotes, as that was removed in PHP 5.4. PHP seems to automatically add slashes to text that comes from HTML forms, as (maybe?) a security measure.