On Fri, Feb 29, 2008 at 2:18 PM, VanBuskirk, Patricia <[EMAIL PROTECTED]> wrote: > Someone from this list (sorry I cannot remember the name), a while back, gave > me the following function to use to get rid of unwanted characters coming in > on forms: > > function convert_smart_quotes($string) > { > $search = array(chr(145), > chr(146), > chr(147), > chr(148), > chr(151), > "#", > ";", > "[", > "]", > "{", // Note the missing "}" closing > curly bracket here > "<", > ">", > "=", > "URL=http://");
Above, there are only 14 search terms, but below, there are 15 replace terms. Below the line I commented, add: "}", > $replace = array("'", > "'", > '"', > '"', > "-", > "number", > ",", > "", > "", > "", > "", > "", > "", > "equals", > ""); > return str_replace($search, $replace, $string); } [snip!] > 2. "New " VM Tree Greeting 1- Need NEW DN for this!!! (Please coordinate > with Suzanne for recordings). See the parentheses above? I'll bet dollars to donuts that's your killswitch. See my updated arrays at the end of this email. [snip!] > Also, we are getting back for example "I\'m hoping..." Somehow the slashes > are coming through in the field and in the emails. I am not even sure what > is putting them in, as I don't see that in the replace function. There's either an addslashes() function somewhere or a missing stripslashes(). Prior to inserting the data into the database, you should sanitize it using mysql_real_escape_string(). So, for example, if your SQL query looks like this: $body = convert_smart_quotes($string); $sql = "INSERT INTO email(body) VALUES($body)"; It should be changed to: $body = mysql_real_escape_string(stripslashes(convert_smart_quotes($string))); $sql = "INSERT INTO email(body) VALUES($body)"; And if that's not fixing the error for emails being sent, then find where the mail() function resides and replace the message body variable with something similar to: $message = stripslashes($message); Finally, the new arrays (rewritten function) I promised. function convert_smart_quotes($string) { $search = array(chr(145), chr(146), chr(147), chr(148), chr(151), "#", ";", "[", "]", "{", "}", "(", ")", "!", "<", ">", "=", "URL=http://"); $replace = array("'", "'", '"', '"', "-", "number", ",", "", "", "", "", "", "", ".", "", "", "", "equals", ""); return str_replace($search,$replace,$string); } -- </Dan> Daniel P. Brown Senior Unix Geek <? while(1) { $me = $mind--; sleep(86400); } ?> -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php