my php contact form is sending special characters as html entities.. can’t understand why..
//the field
echo '<textarea rows="10" cols="35" name="cf-message" placeholder="' . __('Your message', 'ad-html5-form') . '" required>' . ( isset( $_POST["cf-message"] ) ? esc_attr( stripslashes($_POST['cf-message']) ) : '' ) . '</textarea>';
//retrieving the field
$message = esc_textarea( stripslashes($_POST['cf-message']) );
It works perfectly fine with characters like Chinese, Japanese, Hebrew or Arabic but it does not send apostrophes, &, <…
I have noticed that if I change: “esc_textarea” with “sanitize_text_field” the characters are displayed correctly but it loses the formatting and line breaks.
any suggestions?
function ad_html5_form_code() {
echo '<form action="' . esc_url( $_SERVER['REQUEST_URI'] ) . '" method="post" class="html5-contact-form">';
echo '<p><label>';
echo _e('Your Name', 'ad-html5-form');
echo '<span style="color: #cc0000">*</span><br />';
echo '<input type="text" name="cf-name" pattern="[a-zA-Z0-9 ]+" value="' . ( isset( $_POST["cf-name"] ) ? esc_attr( stripslashes($_POST['cf-name']) ) : '' ) . '" size="40" placeholder="' . __('Name', 'ad-html5-form') . '" required/>';
echo '</label></p>';
echo '<p><label>';
echo _e('Your Email', 'ad-html5-form');
echo '<span style="color: #cc0000">*</span><br />';
echo '<input type="email" name="cf-email" value="' . ( isset( $_POST["cf-email"] ) ? esc_attr( $_POST["cf-email"] ) : '' ) . '" size="40" placeholder="' . __('Email', 'ad-html5-form') . '" required/>';
echo '</label></p>';
echo '<p><label>';
echo _e('Subject', 'ad-html5-form');
echo '<span style="color: #cc0000">*</span><br />';
echo '<input type="text" name="cf-subject" pattern="[a-zA-Z ]+" value="' . ( isset( $_POST["cf-subject"] ) ? esc_attr( stripslashes($_POST['cf-subject']) ) : '' ) . '" size="40" placeholder="' . __('Subject', 'ad-html5-form') . '" required/>';
echo '</label></p>';
echo '<p><label>';
echo _e('Message', 'ad-html5-form');
echo '<span style="color: #cc0000">*</span><br />';
echo '<textarea rows="10" cols="35" name="cf-message" placeholder="' . __('Your message', 'ad-html5-form') . '" required>' . ( isset( $_POST["cf-message"] ) ? esc_attr( stripslashes($_POST['cf-message']) ) : '' ) . '</textarea>';
echo '</label></p>';
echo '<p><label>';
echo _e('What's 5 + 3 ?', 'ad-html5-form');
echo '<span style="color: #cc0000">*</span><br />';
echo '<input type="text" name="cf-math" pattern="[a-zA-Z0-9 ]+" value="' . ( isset( $_POST["cf-math"] ) ? esc_attr( $_POST["cf-math"] ) : '' ) . '" size="40" placeholder="' . __('Answer to the security question', 'ad-html5-form') . '" required/>';
echo '</label></p>';
echo '<p><input type="submit" class="button" name="cf-submitted" value="';
echo _e('Send Message', 'ad-html5-form');
echo '"/></p>';
echo '</form>';
}
function ad_deliver_mail() {
// if the submit button is clicked, send the email
if ( isset( $_POST['cf-submitted'] ) ) {
// sanitize form values
$name = sanitize_text_field( stripslashes($_POST['cf-name']) );
$email = sanitize_email( $_POST["cf-email"] );
$subject = sanitize_text_field( stripslashes($_POST['cf-subject']) );
$math = sanitize_text_field( $_POST["cf-math"] );
$message = esc_textarea( stripslashes($_POST['cf-message']) );
$sitename = get_bloginfo('name');
$fullsubject ="From $sitename : $subject";
// get the blog administrator's email address
$to = get_option( 'admin_email' );
$headers = array("Content-Type: text/html; charset=UTF-8");
$headers = "From: $name <$email>" . "rn";
if ($math == 8){
if(filter_var($email, FILTER_VALIDATE_EMAIL)) {
if ($name != ''){
if ($subject != ''){
if ($message != ''){
if ( wp_mail( $to, $fullsubject, $message, $headers ) ) {
echo '<div class="success-message">';
echo '<p>';
echo _e('Thanks for contacting Us. We will get back to you as soon as possible.', 'ad-html5-form');
echo '</p>';
echo '</div>';
} else {
echo '<div class="message-error">';
echo '<p>';
echo _e('An error coccurred. Please try again later.', 'ad-html5-form');
echo '</p>';
echo '</div>';
}
} else {
echo '<div class="message-error">';
echo '<p>';
echo _e('Please enter your message', 'ad-html5-form');
echo '</p>';
echo '</div>';
} // end if subject not empty
} else {
echo '<div class="message-error">';
echo '<p>';
echo _e('Please enter a subject', 'ad-html5-form');
echo '</p>';
echo '</div>';
} // end if subject not empty
} else {
echo '<div class="message-error">';
echo '<p>';
echo _e('Please enter your name', 'ad-html5-form');
echo '</p>';
echo '</div>';
} // end if name not empty
} else {
echo '<div class="message-error">';
echo '<p>';
echo _e('Please enter a valid email address', 'ad-html5-form');
echo '</p>';
echo '</div>';
} // end if valid email
} else {
echo '<div class="message-error">';
echo '<p>';
echo _e('Please check your answer to the security question. The correct answer is: 8', 'ad-html5-form');
echo '</p>';
echo '</div>';
} // end if math
}
}
Solution found:
in function ad_deliver_mail
had to be changed to
You should use
ecs_htmlinstead ofesc_attrAnd which will help you to eliminate symbols instead of html problem from your form.if your form is completely working with the above code now.Eg:
$html now contains this:
Which would be displayed in an HTML document as:
Instead of this:
A link