Line Break in email not working

[warrens0017]

Hi everyone,

I am running into an issue when I am sending out emails using the mail() function.

What I am trying to do is on one page, there is a text area that enters information into a form and sends it to another php to process. Here is the form:

<form method='POST' action='../home/contact-send-email.inc.php'>
  <div class='input_form'>
    <input type='hidden' name='cid' value='".$rowcon['cid']."'><br>
    <input type='hidden' name='from' value='".$_SESSION['email']."'><br>
    <input type='hidden' name='email' value='".$rowcon['email']."'><br>
    <input type='text' name='subject' placeholder='Subject'><br>
    <textarea style='width: 103.5%; height: 500px; resize: none;' type='text' name='message' placeholder='Message'></textarea><br>
    <button type='submit'>Send Mail</button>
  </div>
</form>

Now with the text area, I want it to allow line breaks. The issue I am running into now is that when I send email out, I am getting the text but were I put the line breaks, there is a \r\n in text. Here is the mail process php:

<?php
include '../inc/dbh.php';

$from = mysqli_real_escape_string($conn, $_POST['from']);
$msg = mysqli_real_escape_string($conn, $_POST['message']);

$to = mysqli_real_escape_string($conn, $_POST['email']);

$subject = mysqli_real_escape_string($conn, $_POST['subject']);

$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type:text/html; charset=UTF-8\r\n";
$headers .= "From: ".$from."\r\n";
$headers .= "X-Mailer: PHP 5.x\r\n";

$txt = nl2br($msg);

mail($to, $subject, $txt, $headers);
?>

So quick over view:

When I send an email out using this code and there are line breaks in there, where the line breaks are happening, in the email there is \r\n instead of the line break.

[iwato]

Did you notice the semi-colon in the middle of the following line of code?

$headers .= "Content-type:text/html; charset=UTF-8\r\n";

Roddy

[Ingolme]

That's because you're using mysqli_real_escape_string. You don't need that function, that's only for databases and it's also only used in really old code. If all you're doing is sending an e-mail, remove the entire database connection file.

For escaping things in an HTML e-mail, use htmlspecialchars().

 

1 minute ago, iwato said:

Did you notice the semi-colon in the middle of the following line of code?

$headers .= "Content-type:text/html; charset=UTF-8\r\n";

Roddy

That semi-colon is correct, it separates two of the components of the Content-Type header.

Edited September 5, 2018 by Ingolme

[justsomeguy]

That's what mysqli_real_escape_string is going to do.  Why are you using that if your'e not using that data with a database?

Ideally you shouldn't use that function at all, if you're working with data in a SQL query you should use prepared statements instead of trying to escape everything manually.

[Funce]

Can confirm, your issue stems from using `mysqli_real_escape_string`. That function just half-protects your queries from any anomalous characters, by escaping them, that may end up executing unwanted things. Not particularly useful in any case.

Any special characters inside that function are taken literally `\r\n` rather than as they're supposed to be which is a Carriage Return and LineFeed Character. (Basically new line)

 

In this case you won't even need to use mysqli_real_escape_string. You're not putting the data into the database are you? If you are I suggest reading up on 'Prepared Statements'.

Edited September 5, 2018 by Funce