How can I escape this PHP code

```php
<?php

$errorMSG = "";
// initialise every field so the body-building code below never reads an undefined variable
$name = $email = $msg_subject = $message = "";

// NAME
if (empty($_POST["name"])) {
    $errorMSG = "Name is required ";
} else {
    $name = $_POST["name"];
}

// EMAIL
if (empty($_POST["email"])) {
    $errorMSG .= "Email is required ";
} elseif (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL) === false) {
    // the address ends up in a mail header, so anything that is not a single
    // valid address (including CR/LF sequences) must be rejected here
    $errorMSG .= "Email is invalid ";
} else {
    $email = $_POST["email"];
}

// MSG SUBJECT
if (empty($_POST["msg_subject"])) {
    $errorMSG .= "Subject is required ";
} else {
    $msg_subject = $_POST["msg_subject"];
}


// MESSAGE
if (empty($_POST["message"])) {
    $errorMSG .= "Message is required ";
} else {
    $message = $_POST["message"];
}


$EmailTo = "[email protected]";
$Subject = "New Message Received";

// prepare email body text
$Body = "";
$Body .= "Name: ";
$Body .= $name;
$Body .= "\n";
$Body .= "Email: ";
$Body .= $email;
$Body .= "\n";
$Body .= "Subject: ";
$Body .= $msg_subject;
$Body .= "\n";
$Body .= "Message: ";
$Body .= $message;
$Body .= "\n";

// send email, but only once every field has validated; the original sent the
// message (and put an unchecked address into the From header) even when
// $errorMSG was already set
$success = false;
if ($errorMSG == "") {
    $success = mail($EmailTo, $Subject, $Body, "From: " . $email);
}

// redirect to success page
if ($success && $errorMSG == "") {
    echo "success";
} else {
    if ($errorMSG == "") {
        echo "Something went wrong :(";
    } else {
        echo $errorMSG;
    }
}

?>
```
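Added example, not part of the original post: the fourth argument of `mail()` in the script above is a header line built from `$_POST["email"]`, which is the classic e-mail header injection hole. The block below shows what an attacker-controlled address turns that header into, and a hardened header builder that validates first. The addresses and the `$attackerEmail` input are constructed for the demonstration; `safeHeaders()` and `vulnerableHeaders()` are names chosen here, not functions from the thread.

```php
<?php
// Added example, not the original poster's code. All addresses below are
// constructed placeholders on example.com.

// Constructed attacker input: a well-formed address, then CRLF and a second
// header. Concatenated into additional_headers it becomes two header lines,
// and the second one silently copies every message to the attacker.
$attackerEmail = "visitor@example.com\r\nBcc: attacker@example.com";

// Mirrors the original script: raw input pasted straight into a header line.
function vulnerableHeaders(string $email): string
{
    return "From:" . $email;
}

// Hardened form: validate before anything touches a header. FILTER_VALIDATE_EMAIL
// accepts exactly one syntactically valid address, so CR, LF or a trailing
// "Bcc:" line can never get through. The visitor's address goes into Reply-To;
// From stays a mailbox on the sending domain, which also keeps SPF/DMARC checks
// on the receiving side from failing.
function safeHeaders(string $email, string $siteMailbox): ?array
{
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    if ($valid === false) {
        return null; // caller reports "Email is invalid" and never calls mail()
    }
    return [
        'From'     => $siteMailbox,
        'Reply-To' => $valid,
    ];
}

// Print what the original would have handed to mail(), with the line breaks
// made visible: the injected Bcc line is passed on as a real header.
echo str_replace(["\r", "\n"], ['\r', '\n'], vulnerableHeaders($attackerEmail)), PHP_EOL;

// The injected address fails validation; a plain address yields From + Reply-To.
var_dump(safeHeaders($attackerEmail, 'contact@example.com'));
var_dump(safeHeaders('visitor@example.com', 'contact@example.com'));

// Only a validated result reaches mail(); since PHP 7.2 additional_headers may
// be an array, which keeps header names and values separate.
$headers = safeHeaders($_POST['email'] ?? '', 'contact@example.com');
if ($headers !== null && !empty($_POST['message'])) {
    mail('contact@example.com', 'New Message Received', $_POST['message'], $headers);
}
```

`mail()` itself does not reliably stop this, so the validation has to happen before the header string is built; keeping the visitor's address out of From entirely is the cheap way to remove the problem.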

That’s unreadable; use the </> button in the editor of this forum. And I do not understand what your problem is, nor what you tried to solve it.

I personally would use SwiftMailer or PHPMailer to send emails, as they are easier and a little bit safer to use, plus you don’t have to reinvent the wheel.

Here’s my code for that (I use SwiftMailer):

```php
<?php
require_once __DIR__ . '/vendor/autoload.php'; // SwiftMailer 5 installed via Composer

/* The code I posted is the body of the send method; the class wrapper is the
   shape implied by `new Email($data)` in the next snippet. */
class Email
{
    public function __construct(array $data)
    {
        $this->send($data);
    }

    private function send(array $data): bool
    {
        /* Setup swiftmailer using your email server information */
        if (filter_input(INPUT_SERVER, 'SERVER_NAME', FILTER_SANITIZE_URL) == "localhost") {
            $transport = Swift_SmtpTransport::newInstance(EMAIL_HOST, EMAIL_PORT); // 587 for localhost
        } else {
            $transport = Swift_SmtpTransport::newInstance(EMAIL_HOST, 25); // 25 for remote server
        }

        $transport->setUsername(EMAIL_USERNAME);
        $transport->setPassword(EMAIL_PASSWORD);

        /* Setup To, From, Subject and Message */
        $message = Swift_Message::newInstance();

        $name = $data['name'];
        $email_from = $data['email'];
        $subject = $data['reason'] . ' email address ' . $data['email'];
        $comments = $data['phone'] . ' ' . $data['website'] . ' ' . $data['comments'];

        /*
         * Email Address message is going to
         */
        $message->setTo([
            '[email protected]' => 'John Smith' // [email protected] || John Smith
        ]);

        $message->setSubject($subject); // Subject:
        $message->setBody($comments); // Message:
        $message->setFrom($email_from, $name); // From and Name: SwiftMailer throws on a malformed address here

        $mailer = Swift_Mailer::newInstance($transport); // Setting up mailer using transport info that was provided:
        $failedRecipients = []; // filled in by send() with any rejected addresses
        $result = $mailer->send($message, $failedRecipients);

        if ($result) {
            return TRUE;
        } else {
            echo "<pre>" . print_r($failedRecipients, true) . "</pre>";
            return FALSE;
        }
    }
}
```

Though you can (and should) sanitize data going out to a 3rd party mailer, and even use Google’s reCAPTCHA. Here’s a snippet on how I do it :slight_smile:

```php
<?php
session_start(); // the CSRF token is compared against the copy kept in the session
$submit = filter_input(INPUT_POST, 'submit', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

if (isset($submit) && $submit === 'submit') {
    $token = filter_input(INPUT_POST, 'token', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
    if (!empty($token)) {
        // hash_equals() needs two strings; a missing session token must fail, not throw
        if (isset($_SESSION['token']) && hash_equals($_SESSION['token'], $token)) {
            /* The following gets the response back from Google reCAPTCHA */
            $url = "https://www.google.com/recaptcha/api/siteverify";

            $remoteServer = filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_SANITIZE_URL);
            // URL-encode the query parameters; htmlspecialchars() is for HTML output, not query strings
            $query = http_build_query([
                'secret'   => PRIVATE_KEY,
                'response' => $_POST['g-recaptcha-response'] ?? '',
                'remoteip' => $remoteServer,
            ]);
            $response = file_get_contents($url . "?" . $query);
            $recaptcha_data = json_decode($response);
            /* The actual check of the recaptcha */
            if (isset($recaptcha_data->success) && $recaptcha_data->success === TRUE) {
                $success = "Mail was sent!";
                $data['name'] = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['email'] = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
                $data['phone'] = filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['website'] = filter_input(INPUT_POST, 'website', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['reason'] = filter_input(INPUT_POST, 'reason', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
                $data['comments'] = filter_input(INPUT_POST, 'comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

                $send = new Email($data);
            } else {
                $success = "You're not a human!"; // Not for a production server:
            }
        } else {
            // Log this as a warning and keep an eye on these attempts
        }
    }
}
```
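Added example, not part of the poster's snippet: the handler above verifies `$_SESSION['token']` but does not show where that token comes from, and it sends the reCAPTCHA secret in a GET query string. The block below supplies the issue/verify pair for the CSRF token and a `siteverify` call that posts the secret in the request body instead. `PRIVATE_KEY` is assumed to be defined elsewhere, as in the snippet; the three function names are chosen here and are not from the thread.

```php
<?php
// Added example, not the poster's Email class. Assumes session_start() has run
// and that PRIVATE_KEY holds the reCAPTCHA secret, as in the snippet above.

function issueCsrfToken(): string
{
    // One token per session is enough for a contact form. random_bytes() is a
    // CSPRNG; hex output is safe to drop straight into a hidden input.
    if (empty($_SESSION['token'])) {
        $_SESSION['token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['token'];
}

function verifyCsrfToken(?string $submitted): bool
{
    // hash_equals() is constant-time and needs two strings; guard both sides so
    // a missing token fails closed instead of raising a TypeError.
    return $submitted !== null
        && isset($_SESSION['token'])
        && hash_equals($_SESSION['token'], $submitted);
}

function verifyRecaptcha(string $secret, string $userResponse, ?string $remoteIp): bool
{
    $fields = ['secret' => $secret, 'response' => $userResponse];
    if ($remoteIp !== null) {
        $fields['remoteip'] = $remoteIp;
    }
    // POST keeps the secret out of URLs, proxy logs and referrers.
    $context = stream_context_create([
        'http' => [
            'method'  => 'POST',
            'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
            'content' => http_build_query($fields),
            'timeout' => 5,
        ],
    ]);
    $raw = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
    if ($raw === false) {
        return false; // network failure or non-2xx response: fail closed
    }
    $data = json_decode($raw, true);
    return is_array($data) && ($data['success'] ?? false) === true;
}

// On the page that renders the form:
//   $token = issueCsrfToken();
//   echo '<input type="hidden" name="token" value="'
//        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
//
// In the handler, replacing the inline checks of the snippet:
//   if (verifyCsrfToken($_POST['token'] ?? null)
//       && verifyRecaptcha(PRIVATE_KEY, $_POST['g-recaptcha-response'] ?? '', $_SERVER['REMOTE_ADDR'] ?? null)) {
//       // build $data with filter_input() and call new Email($data)
//   }
```

Failing closed on a network error is deliberate: a contact form that lets submissions through whenever Google is unreachable turns an outage into a spam window.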

Like chorn said, you should format your code before you post here.

This might help a little.

We need more info than just a title and a code dump. What are you trying to escape?
