Contact form shows some characters as HTML entities

Time: 2014-08-09 05:01:54

Tags: php wordpress forms contact html-entities

My PHP contact form is sending special characters as HTML entities... I can't understand why...

//the field
echo '<textarea rows="10" cols="35" name="cf-message" placeholder="' . __('Your message', 'ad-html5-form') . '" required>' . ( isset( $_POST["cf-message"] ) ? esc_attr( stripslashes($_POST['cf-message']) ) : '' ) . '</textarea>';

//retrieving the field
$message        = esc_textarea( stripslashes($_POST['cf-message']) );

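It works fine with characters such as Chinese, Japanese, Hebrew or Arabic, but it won't send apostrophes, &, < ...

I noticed that if I change "esc_textarea" to "sanitize_text_field" the characters display correctly, but it loses formatting and line breaks.

Any suggestions?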

function ad_html5_form_code() {
    echo '<form action="' . esc_url( $_SERVER['REQUEST_URI'] ) . '" method="post" class="html5-contact-form">';
    echo '<p><label>';
    echo _e('Your Name', 'ad-html5-form');
    echo '<span style="color: #cc0000">*</span><br />';
    echo '<input type="text" name="cf-name" pattern="[a-zA-Z0-9 ]+" value="' . ( isset( $_POST["cf-name"] ) ? esc_attr( stripslashes($_POST['cf-name']) ) : '' ) . '" size="40" placeholder="' . __('Name', 'ad-html5-form') . '" required/>';
    echo '</label></p>';
    echo '<p><label>';
    echo _e('Your Email', 'ad-html5-form');
    echo '<span style="color: #cc0000">*</span><br />';
    echo '<input type="email" name="cf-email" value="' . ( isset( $_POST["cf-email"] ) ? esc_attr( $_POST["cf-email"] ) : '' ) . '" size="40" placeholder="' . __('Email', 'ad-html5-form') . '" required/>';
    echo '</label></p>';
    echo '<p><label>';
    echo _e('Subject', 'ad-html5-form');
    echo '<span style="color: #cc0000">*</span><br />';
    echo '<input type="text" name="cf-subject" pattern="[a-zA-Z ]+" value="' . ( isset( $_POST["cf-subject"] ) ? esc_attr( stripslashes($_POST['cf-subject']) ) : '' ) . '" size="40" placeholder="' . __('Subject', 'ad-html5-form') . '" required/>';
    echo '</label></p>';
    echo '<p><label>';
    echo _e('Message', 'ad-html5-form');
    echo '<span style="color: #cc0000">*</span><br />';
    echo '<textarea rows="10" cols="35" name="cf-message" placeholder="' . __('Your message', 'ad-html5-form') . '" required>' . ( isset( $_POST["cf-message"] ) ? esc_attr( stripslashes($_POST['cf-message']) ) : '' ) . '</textarea>';
    echo '</label></p>';
    echo '<p><label>';
    echo _e('What\'s 5 + 3 ?', 'ad-html5-form');
    echo '<span style="color: #cc0000">*</span><br />';
    echo '<input type="text" name="cf-math" pattern="[a-zA-Z0-9 ]+" value="' . ( isset( $_POST["cf-math"] ) ? esc_attr( $_POST["cf-math"] ) : '' ) . '" size="40" placeholder="' . __('Answer to the security question', 'ad-html5-form') . '" required/>';
    echo '</label></p>';
    echo '<p><input type="submit" class="button" name="cf-submitted" value="';
    echo _e('Send Message', 'ad-html5-form');
    echo '"/></p>';
    echo '</form>';
}

function ad_deliver_mail() {

    // if the submit button is clicked, send the email
    if ( isset( $_POST['cf-submitted'] ) ) {

        // sanitize form values
        $name           = sanitize_text_field( stripslashes($_POST['cf-name']) );
        $email          = sanitize_email( $_POST["cf-email"] );
        $subject        = sanitize_text_field( stripslashes($_POST['cf-subject']) );
        $math           = sanitize_text_field( $_POST["cf-math"] );
        $message        = esc_textarea( stripslashes($_POST['cf-message']) );
        $sitename       = get_bloginfo('name');
        $fullsubject    ="From $sitename : $subject";
        // get the blog administrator's email address
        $to = get_option( 'admin_email' );

        $headers = array("Content-Type: text/html; charset=UTF-8");
        $headers = "From: $name <$email>" . "\r\n";

            if ($math == 8){

            if(filter_var($email, FILTER_VALIDATE_EMAIL)) {

            if ($name != ''){

            if ($subject != ''){

            if ($message != ''){

                if ( wp_mail( $to, $fullsubject, $message, $headers ) ) {
                    echo '<div class="success-message">';
                    echo '<p>'; 
                    echo _e('Thanks for contacting Us. We will get back to you as soon as possible.', 'ad-html5-form');
                    echo '</p>';
                    echo '</div>';
                } else {
                    echo '<div class="message-error">';
                    echo '<p>';
                    echo _e('An error coccurred. Please try again later.', 'ad-html5-form');
                    echo '</p>';
                    echo '</div>';
                }

            } else {
                echo '<div class="message-error">';
                echo '<p>';
                echo _e('Please enter your message', 'ad-html5-form');
                echo '</p>';
                echo '</div>';
            } // end if message not empty

            } else {
                echo '<div class="message-error">';
                echo '<p>';
                echo _e('Please enter a subject', 'ad-html5-form');
                echo '</p>';
                echo '</div>';
            } // end if subject not empty

            } else {
                echo '<div class="message-error">';
                echo '<p>';
                echo _e('Please enter your name', 'ad-html5-form');
                echo '</p>';
                echo '</div>';
            } // end if name not empty

            } else {
                echo '<div class="message-error">';
                echo '<p>';
                echo _e('Please enter a valid email address', 'ad-html5-form');
                echo '</p>';
                echo '</div>';
            } // end if valid email 

            } else {
                echo '<div class="message-error">';
                echo '<p>';
                echo _e('Please check your answer to the security question. The correct answer is: 8', 'ad-html5-form');
                echo '</p>';
                echo '</div>';
             } // end if math
    }
}

2 answers:

Answer 0 (score: 1)

Found the solution:

In the function ad_deliver_mail

esc_textarea( stripslashes($_POST['cf-message']) );

has to be changed to

stripslashes(trim($_POST['cf-message']));

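Answer 1 (score: 0)

You should use esc_html instead of esc_attr. This will help you remove the symbols from the form rather than the HTML issue, if your form is now working completely with the code above.

For example: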

$html = esc_html( '<a href="http://www.example.com/">A link</a>' );

$html now contains:

&lt;a href=&quot;http://www.example.com/&quot;&gt;A link&lt;/a&gt;

Which will be displayed in an HTML document as:

<a href="http://www.example.com/">A link</a>

Instead of: A link
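
Added example (not part of either answer): escaping is chosen per output context, so a text/plain mail body carries the cleaned message unencoded, while an HTML mail body or text redisplayed inside a textarea is HTML-escaped. It is plain PHP with hypothetical function names, using `htmlspecialchars()` and `stripslashes()` as stand-ins for WordPress's `esc_html()`/`esc_textarea()` and `wp_unslash()`.

```php
<?php
// Added example; function names are hypothetical. Plain PHP so it runs without
// WordPress: htmlspecialchars() stands in for esc_html()/esc_textarea(),
// stripslashes() for wp_unslash().

// Input side: undo the slashes WordPress adds to $_POST, normalise newlines,
// drop control characters. Nothing is entity-encoded here.
function clean_message(string $posted): string {
    $text = str_replace(["\r\n", "\r"], "\n", stripslashes($posted));
    return trim(preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $text));
}

// Output side, HTML contexts (HTML mail body, or text between <textarea> tags).
function html_escape(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Build header and body together so the escaping always matches the Content-Type.
function build_mail(string $posted, bool $as_html): array {
    $msg = clean_message($posted);
    if ($as_html) {
        return [
            'headers' => ['Content-Type: text/html; charset=UTF-8'],
            'body'    => nl2br(html_escape($msg)), // markup is shown, not rendered
        ];
    }
    return [
        'headers' => ['Content-Type: text/plain; charset=UTF-8'],
        'body'    => $msg, // a plain-text reader decodes nothing, so encode nothing
    ];
}

// Constructed sample, slashed the way WordPress delivers $_POST values.
$posted = "Tom\\'s <b>R&D</b> note\r\nsecond line";

foreach ([false, true] as $as_html) {
    $mail = build_mail($posted, $as_html);
    echo $mail['headers'][0], "\n", $mail['body'], "\n\n";
}

// The combination from the question: HTML-escaped text in a text/plain mail,
// so the recipient sees the entities literally.
echo html_escape(clean_message($posted)), "\n";
```

In the question's code the `$headers` array holding the Content-Type is overwritten by the `From:` string on the next line, so `wp_mail()` falls back to its text/plain default; if that header is ever restored, the unescaped body from Answer 0 needs the HTML branch above.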