I wanted to make a mail function in PHP to let visitors create and activate a user account. For this I made a mail with a link which refers to the page that activates the account. Now the problem is that some people want to use characters that interfere with the code inside the email, for example " " and ' '. I tried to escape these characters, but when such a character appears, the link becomes inactive. The mail is sent, but the link is unclickable.
This is what the code looks like.
The variables are set in PHP:
$New_user->Username = $db->real_escape_string($_POST['un']);
$RawUn = $_POST['un'];
$New_user->Password = $_POST['pw'];
$New_user->Email = $_POST['em'];
$CheckEmail = explode("@", $New_user->Email);
$New_user->Country = $_POST['cn'];
$New_user->City = $_POST['ct'];
//$NEW_USER IS AN OBJECT CREATED TO HOLD ACCOUNT INFORMATION SUCH AS USERNAME AND EMAIL
//$RAWUN IS A VARIABLE TO HAVE AN UNESCAPED VALUE OF THE USERNAME TO INSERT IN THE INPUT FIELD IF SOMETHING WENT WRONG
After checking the values, the mail is sent:
$message = array(
'Hello ' . $New_user->Username . ',<br/>',
'<br/>',
'Welcome to MakeAMemo.<br/>',
'To start working with your account you will have to activate it.<br/>',
'Just click on the <a href="localhost/makeamemo.com/ConfirmAccount.php?Un=' . str_replace(" ", "+", $New_user->Username) . '&Em=' . $db->real_escape_string($New_user->Email) . '&Action=Create">link</a> and you are ready to go.<br/>',
'Log in and check if it works. If not, please contact us(E-mail is on the website).<br/>',
'Your password: ' . $New_user->Password . '<br/>',
'<br/>',
'Kind regards,<br/>',
'<br/>',
'Administration');
$header = array(
'From: makeamemoofficial@gmail.com',
'Reply-To: makeamemoofficial@gmail.com',
'Content-type: text/html');
mail($New_user->Email,"MakeAMemo => New account",implode("
", $message),implode("
", $header));
I have made a connection to the database, so the escaping using $db->real_escape_string works fine. The location of the link will be changed when the website is finished. I checked if the code worked without the str_replace in the href. No success. Nor did I have success when I tried not escaping the username. The tags are invisible in the mail, so it is recognised. The link is not blocked, because it does work when I don't use special characters. When changing the double quotation marks into single quotation marks, you reverse the effect, which means that instead of " ", ' ' don't work. I do not think the headers have something to do with it, because the link does work when using normal characters.
Any idea what the cause of my problem is? Every answer is appreciated.
adear11: here is the generated tag:
<a href="localhost/makeamemo.com/ConfirmAccount.php?Un=%22s+avonds&Em=dennis.heutinck%40gmail.com&Action=Create">link</a>
"s avonds is an incorrect Dutch word that contains some of the characters that need to be tested.