我的PHP联系人表单发送特殊字符作为HTML实体..我不明白为什么…
//the field
echo '<textarea rows="10" cols="35" name="cf-message" placeholder="' . __('Your message', 'ad-html5-form') . '" required>' . ( isset( $_POST["cf-message"] ) ? esc_attr( stripslashes($_POST['cf-message']) ) : '' ) . '</textarea>';
//retrieving the field
$message = esc_textarea( stripslashes($_POST['cf-message']) );
对于中文、日语、希伯来语或阿拉伯语等字符,它可以很好地工作,但它不发送撇号,&, <…
我注意到,如果我改变:"esc_textarea"与"sanitize_text_field"字符正确显示,但它失去了格式和换行符。
有什么建议吗?
function ad_html5_form_code() {
echo '<form action="' . esc_url( $_SERVER['REQUEST_URI'] ) . '" method="post" class="html5-contact-form">';
echo '<p><label>';
echo _e('Your Name', 'ad-html5-form');
echo '<span style="color: #cc0000">*</span><br />';
echo '<input type="text" name="cf-name" pattern="[a-zA-Z0-9 ]+" value="' . ( isset( $_POST["cf-name"] ) ? esc_attr( stripslashes($_POST['cf-name']) ) : '' ) . '" size="40" placeholder="' . __('Name', 'ad-html5-form') . '" required/>';
echo '</label></p>';
echo '<p><label>';
echo _e('Your Email', 'ad-html5-form');
echo '<span style="color: #cc0000">*</span><br />';
echo '<input type="email" name="cf-email" value="' . ( isset( $_POST["cf-email"] ) ? esc_attr( $_POST["cf-email"] ) : '' ) . '" size="40" placeholder="' . __('Email', 'ad-html5-form') . '" required/>';
echo '</label></p>';
echo '<p><label>';
echo _e('Subject', 'ad-html5-form');
echo '<span style="color: #cc0000">*</span><br />';
echo '<input type="text" name="cf-subject" pattern="[a-zA-Z ]+" value="' . ( isset( $_POST["cf-subject"] ) ? esc_attr( stripslashes($_POST['cf-subject']) ) : '' ) . '" size="40" placeholder="' . __('Subject', 'ad-html5-form') . '" required/>';
echo '</label></p>';
echo '<p><label>';
echo _e('Message', 'ad-html5-form');
echo '<span style="color: #cc0000">*</span><br />';
echo '<textarea rows="10" cols="35" name="cf-message" placeholder="' . __('Your message', 'ad-html5-form') . '" required>' . ( isset( $_POST["cf-message"] ) ? esc_attr( stripslashes($_POST['cf-message']) ) : '' ) . '</textarea>';
echo '</label></p>';
echo '<p><label>';
echo _e('What''s 5 + 3 ?', 'ad-html5-form');
echo '<span style="color: #cc0000">*</span><br />';
echo '<input type="text" name="cf-math" pattern="[a-zA-Z0-9 ]+" value="' . ( isset( $_POST["cf-math"] ) ? esc_attr( $_POST["cf-math"] ) : '' ) . '" size="40" placeholder="' . __('Answer to the security question', 'ad-html5-form') . '" required/>';
echo '</label></p>';
echo '<p><input type="submit" class="button" name="cf-submitted" value="';
echo _e('Send Message', 'ad-html5-form');
echo '"/></p>';
echo '</form>';
}
function ad_deliver_mail() {
// if the submit button is clicked, send the email
if ( isset( $_POST['cf-submitted'] ) ) {
// sanitize form values
$name = sanitize_text_field( stripslashes($_POST['cf-name']) );
$email = sanitize_email( $_POST["cf-email"] );
$subject = sanitize_text_field( stripslashes($_POST['cf-subject']) );
$math = sanitize_text_field( $_POST["cf-math"] );
$message = esc_textarea( stripslashes($_POST['cf-message']) );
$sitename = get_bloginfo('name');
$fullsubject ="From $sitename : $subject";
// get the blog administrator's email address
$to = get_option( 'admin_email' );
$headers = array("Content-Type: text/html; charset=UTF-8");
$headers = "From: $name <$email>" . "'r'n";
if ($math == 8){
if(filter_var($email, FILTER_VALIDATE_EMAIL)) {
if ($name != ''){
if ($subject != ''){
if ($message != ''){
if ( wp_mail( $to, $fullsubject, $message, $headers ) ) {
echo '<div class="success-message">';
echo '<p>';
echo _e('Thanks for contacting Us. We will get back to you as soon as possible.', 'ad-html5-form');
echo '</p>';
echo '</div>';
} else {
echo '<div class="message-error">';
echo '<p>';
echo _e('An error coccurred. Please try again later.', 'ad-html5-form');
echo '</p>';
echo '</div>';
}
} else {
echo '<div class="message-error">';
echo '<p>';
echo _e('Please enter your message', 'ad-html5-form');
echo '</p>';
echo '</div>';
} // end if subject not empty
} else {
echo '<div class="message-error">';
echo '<p>';
echo _e('Please enter a subject', 'ad-html5-form');
echo '</p>';
echo '</div>';
} // end if subject not empty
} else {
echo '<div class="message-error">';
echo '<p>';
echo _e('Please enter your name', 'ad-html5-form');
echo '</p>';
echo '</div>';
} // end if name not empty
} else {
echo '<div class="message-error">';
echo '<p>';
echo _e('Please enter a valid email address', 'ad-html5-form');
echo '</p>';
echo '</div>';
} // end if valid email
} else {
echo '<div class="message-error">';
echo '<p>';
echo _e('Please check your answer to the security question. The correct answer is: 8', 'ad-html5-form');
echo '</p>';
echo '</div>';
} // end if math
}
}
解决方案找到:
in function ad_deliver_mail
esc_textarea( stripslashes($_POST['cf-message']) );
必须改成
stripslashes(trim($_POST['cf-message']));
您应该使用ecs_html而不是esc_attr,这将帮助您从表单中消除符号而不是html问题。如果您的表单现在可以完全使用上面的代码。
,
$html = esc_html( '<a href="http://www.example.com/">A link</a>' );
$html现在包含以下内容:
<a href="http://www.example.com/">A link</a>
在HTML文档中显示为:
<a href="http://www.example.com/">A link</a>
而不是这个:一个链接