stripslashes function in PHP? Doesn't seem to work...

I'm assuming magic quotes is enabled.  I'm running sql/php v5.0 I believe.  I'm not adding any slashes either...  They are just there whenever I use a quote in the comment field.

Sorry...  It looks like I have PHP v5.3

You are getting way ahead of yourself Prodigy and maybe I am a bit too.  Bregent, in a previous post I was explaining that nothing in the form was being validated.  Originally the form was being processed by

if ($_SERVER['REQUEST_METHOD'] == 'POST')) {

He was using forms setup up redirects that were not working and a put of other things going on.  I started to explain the importance of sanitizing data so that nothing malicious comes of the script.  Because there is no database involved, mysqli_real_escape_string won't do the trick so I started to explain the stripslashes/addslashes and about converting to html entities ( http://php.net/manual/en/function.htmlspecialchars.php ).

Prodigy, add/strip slashes is not what you need, it was just an example to make you look at what you are putting into a script.

Since you don't send an HTML email, you don't need to worry about htmlspecialchars.  Take a read through this tutorial about sanitizing data.  This probably would have a better place to start you off looking back instead of jumping too far ahead.

http://www.w3schools.com/php/php_secure_mail.asp

Hi again snakeyes...  The only reason I was trying to use the stripslashes was because the slashes are placed into the email when it gets sent to email address.  Although, not terrible it didn't look quite right when you are using words like "I'm" or "I'd" and it places a slash in the comments.  Is there a way around this?  Is this magic quotes in the works?  I'll check out the link you sent to a while.  I do appreciate the help you've given me so far...  The header() function works great now.

The reason for slashes is to prevent malicious code from being inserted and slashes make things into comments, likewise with htmlspecial chars converting symbols and the like from & --> & just as a basic example I can think of off the top of my head.  The point I want you to understand is that if you expect something, check for it and don't expect that it will only be as you expect because two people don't always think alike.  If your site is small enough, with low traffic, this might all be overkill for you, but it's good to understand if you ever run into problems and I always err on the side of caution.

Thanks for the background explanation SnakeEyez,

If he's ending up with slashes in his text posted from a form, and he's not adding them with addslashes() or some other function, then it sounds like magic_quotes is enabled, right?

If so, it should be disabled, right?

Usually bregent.  But there are instances where I have seen characters not be translated properly.  In those cases running htmlspecialchars would do the trick.  However, if sending a plain text, non-html, email as in this example. using HTML characters can get messy and you never really have the opportunity to convert it back to text. So validating the input as in the w3schools example will remove any illegal characters from the strings and prevent injection against simple email scripts.

OK...  I appreciate both of your help.  So, where is the best place for me to start?  Do I contact someone on the server side to turn magic quotes off?  or should I just try the example from the W3Schools example?  or both I guess?  I just like the users to be able to type a short message and not end up with slashes in the text when it's displayed in an email...

Both. You always want to validate all user input.

Next, determine if magic quotes is indeed enabled: http://www.php.net/manual/en/function.get-magic-quotes-gpc.php

You may be able to disable magic quotes yourself: http://www.php.net/manual/en/security.magicquotes.disabling.php

First

With the first example I receive an error message...  Something referring to mysql.

The 2nd example didn't seem to help...  The script ran without a hitch but the slashes were still in the comment section of the generated email.  This is of course assumming I'm executing the script properly.  I'm not able to tell as I just started to us PHP.  I understand the code (I used to be a c coder) but as far as PHP script writing I have no idea of how to create it yet. 

Is this something I should ask the hosting company about?  I couldn't find any information on magic quotes in their FAQ or Help sections.  I am certain however I running PHP 5.3 though.

So lost...  at the moment.  

Can you tell me why my use of the stripslashes command below does not work?  I've tried multiple variations using stripslashes and each time I still see slashes in any comment which contains a quote.

<?php // Script 1.0 - contactlist.php

if (isset($_POST['submit']) && !empty($_POST['submit'])) // Test if submit button named submit was clicked and not empty

{

          if (!empty($_POST['first']) && !empty($_POST['last'])  && !empty($_POST['email']) && !empty($_POST['phone']) && !empty($_POST['comment'])) {

                    $body = "First Name: {$_POST['first']}\nLast Name: {$_POST['last']}\nEmail Address: {$_POST['email']}\nContact Phone Number: {$_POST['phone']}\nContact Preference: {$_POST['contactvia']}\n\nBest Time To Contact: {$_POST['timepref']}\n\nComments:\n {$_POST[stripslashes('comment')]}";

                    $body = wordwrap($body, 70);

                    mail('someone@somplace.net', 'NEW Customer Inquiry Submission',$body, "From: {$_POST['email']}");

                    header('Location: index.html');  //Redirect to new url if form submitted

     }

}

?>

>{$_POST[stripslashes('comment')]}";