Help - stripping special characters from email and retaining html tags

I want to send html formatted text yet strip out special characters
(e.g. quotes and semi colons). I've seen preg_replace examples like
$messageout = preg_replace('/[^0-9a-z\[\]\(\)<>]/i','',$message); to
preserve some additional characters but don't know how to approach
preserving html in general.

This is a typical message line: $message.= "Date: " . $today .
"
";

I am setting these headers:

$headers = "MIME-Version: 1.0\r\n";
$headers.= "Content-type: text/html; charset=iso-8859-1\r\n";
$headers.= "From: $emailaddress\r\n";

Also, where can I find out which characters need to be escaped?

Please advise.

Thank you!
- Tim

Re: Help - stripping special characters from email and retaininghtml tags

Big Moxy wrote:
> I want to send html formatted text yet strip out special characters
> (e.g. quotes and semi colons). I've seen preg_replace examples like
> $messageout = preg_replace('/[^0-9a-z\[\]\(\)<>]/i','',$message); to
> preserve some additional characters but don't know how to approach
> preserving html in general.
>
> This is a typical message line: $message.= "Date: " . $today .
> "
";
>
> I am setting these headers:
>
> $headers = "MIME-Version: 1.0\r\n";
> $headers.= "Content-type: text/html; charset=iso-8859-1\r\n";
> $headers.= "From: $emailaddress\r\n";
>
> Also, where can I find out which characters need to be escaped?

not sure i am getting what you are asking here, but htmlspecialchars()
perhaps? http://php.net/htmlspecialchars

--
Posted via a free Usenet account from http://www.teranews.com

Re: Help - stripping special characters from email and retaining html tags

On Oct 8, 1:10 pm, Justin Koivisto wrote:
> Big Moxy wrote:
> > I want to send html formatted text yet strip out special characters
> > (e.g. quotes and semi colons). I've seen preg_replace examples like
> > $messageout = preg_replace('/[^0-9a-z\[\]\(\)<>]/i','',$message); to
> > preserve some additional characters but don't know how to approach
> > preserving html in general.
>
> > This is a typical message line: $message.= "Date: " . $today .
> > "
";
>
> > I am setting these headers:
>
> > $headers = "MIME-Version: 1.0\r\n";
> > $headers.= "Content-type: text/html; charset=iso-8859-1\r\n";
> > $headers.= "From: $emailaddress\r\n";
>
> > Also, where can I find out which characters need to be escaped?
>
> not sure i am getting what you are asking here, but htmlspecialchars()
> perhaps?http://php.net/htmlspecialchars
>
> --
> Posted via a free Usenet account fromhttp://www.teranews.com- Hide quoted text -
>
> - Show quoted text -

I'm sorry I didn't state my objective for the post. Thank you for
telling me about htmlspecialchars. I believe it is applicable in this
case but not sure. My goal is to add defensive coding for whatever the
user may intentionally or unintentionally type in and still preserve
the html formatted email that has been created. Should I converse my
initially formatted message with htmlspecialchars and then apply
preg_replace to it? If so, which of these special characters require a
preceding "escape" character -> @ , . & ; -

Thanks!

Re: Help - stripping special characters from email and retaining html tags

On Oct 8, 5:42 pm, Big Moxy wrote:
> On Oct 8, 1:10 pm, Justin Koivisto wrote:
>
>
>
> > Big Moxy wrote:
> > > I want to send html formatted text yet strip out special characters
> > > (e.g. quotes and semi colons). I've seen preg_replace examples like
> > > $messageout = preg_replace('/[^0-9a-z\[\]\(\)<>]/i','',$message); to
> > > preserve some additional characters but don't know how to approach
> > > preserving html in general.
>
> > > This is a typical message line: $message.= "Date: " . $today .
> > > "
";
>
> > > I am setting these headers:
>
> > > $headers = "MIME-Version: 1.0\r\n";
> > > $headers.= "Content-type: text/html; charset=iso-8859-1\r\n";
> > > $headers.= "From: $emailaddress\r\n";
>
> > > Also, where can I find out which characters need to be escaped?
>
> > not sure i am getting what you are asking here, but htmlspecialchars()
> > perhaps?http://php.net/htmlspecialchars
>
> > --
> > Posted via a free Usenet account fromhttp://www.teranews.com-Hide quoted text -
>
> > - Show quoted text -
>
> I'm sorry I didn't state my objective for the post. Thank you for
> telling me about htmlspecialchars. I believe it is applicable in this
> case but not sure. My goal is to add defensive coding for whatever the
> user may intentionally or unintentionally type in and still preserve
> the html formatted email that has been created. Should I converse my
> initially formatted message with htmlspecialchars and then apply
> preg_replace to it? If so, which of these special characters require a
> preceding "escape" character -> @ , . & ; -
>
> Thanks!

You escape characters that have special meaning in a particular
context. In HTML, for instance, < and > have special meaning. You
can't just run the HTML through htmlentites() because you'll lose
whatever HTML you have. You need to escape things that are not
supposed to be interpreted as HTML before inserting them into the
HTML.

For instance, suppose we want the text "2 < 5" to appear between
inside a element. Then you need to do something like this:

$str = '2 < 5';
$html = '' . htmlentites($str) . '';

So the stuff that isn't supposed to be interpreted as HTML is escaped,
while the actual tags are not.