Ken

Reputation: 550

PHP string cut off when emailed: simple bug fix help please

There's a comment card feature on the website I work at, that after filling out the forms, a php mail call is made to email people the comments. However, one of the strings, "comments" is getting cut off. Could someone look at this code and possibly tell me why? EDIT: Did some testing and discovered that single and double quotes cause the problem. Any advice on dealing with this would be great. Do I want to use stripslashes or some such?

Here is an example of the problem:

Location: The place
Quality: Good
Comments: The Hot Dog at the Grill was labeled with the \\
Email: [email protected]
Date: 05/23/11
Time: 13:34

Here is the confirmation page: (help much appreciated, it's my first day on the job and I can't figure this out!)

<?php
$date=date("m/d/y");
$time=date("H:i");
$loc=$_POST['location'];
$qual=$_POST['quality'];
$comm=$_POST['comments'];
$em=$_POST['email'];

echo("<p class=\"bodytext\">You are about to send the following information:<span><br><br><span class=\"bodytextbold\">Location:</span> ".$loc."<br><br><span class=\"bodytextbold\">How was your food?:</span>".$qual."<br><br><span class=\"bodytextbold\">Comments: </span>".$comm."<br><br><span class=\"bodytextbold\">Your email address: ".$em);
echo("<form method=\"post\" action=\"comment_card_email.html\">
<input type=\"hidden\" name=\"location\" value=\"".$loc."\">
<input type=\"hidden\" name=\"quality\" value=\"".$qual."\">
<input type=\"hidden\" name=\"comments\" value=\"".$comm."\">
<input type=\"hidden\" name=\"email\" value=\"".$em."\">
<input type=\"hidden\" name=\"date\" value=\"".$date."\">
<input type=\"hidden\" name=\"time\" value=\"".$time."\">
<input type=\"submit\" class=\"bodytext\" value=\"submit comments\" name=\"submit\"></form>");
?> 

And here's the html page php script that receives it:

<?php
$location = $_POST['location'];
$quality = $_POST['quality'];
$comments = $_POST['comments'];
$email = $_POST['email'];
$date = $_POST['date'];
$time = $_POST['time'];
$recipients = "[email protected]";

function mail_staff($recipients, $location, $quality, $comments, $email, $date, $time){
    mail($recipients, "Comment Card#[".$location."]".time(), "The following comment has been submitted:

Location: $location
Quality: $quality
Comments: $comments
Email: $email
Date: $date
Time: $time

", "From:".$email);
}

Upvotes: 1

Views: 853

Answers (1)

mseancole

Reputation: 1672

Went ahead and pulled my comments together and combined them into this answer.

You might want to consider using heredoc for those long echo statements, it will make it much cleaner and easier.

echo <<<FORM
<form method="post" action="comment_card_email.html">
<input type="hidden" name="location" value="$loc">
<input type="hidden" name="quality" value="$qual">
<input type="hidden" name="comments" value="$comm">
<input type="hidden" name="email" value="$em">
<input type="hidden" name="date" value="$date">
<input type="hidden" name="time" value="$time">
<input type="submit" class="bodytext" value="submit comments" name="submit"></form>
FORM;

Your comment about the "\" makes me think that you've accidentally escaped the rest of the string. Make sure your quotes aren't causing issues. From the look of your sample comment, it looks like the user used a double quote and that escaped the rest of your string. Try using htmlspecialchars to escape those quotes instead. htmlspecialchars is a PHP function that escapes HTML friendly entities from text. So the quotes would be in the &xxxx; format. Thus you would not need to worry about escaping quotes any longer as that would be taken care of with entities. And it's reversible with htmlspecialchars_decode. So this should work.

$raw = $_POST['comments'];
$stripped = stripslashes($_POST['comments']);
$comments = htmlspecialchars($stripped, ENT_QUOTES);

Edit: Oops, the form didn't go through for the heredoc, edited it to work.

Upvotes: 2
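
As an added example (not code from the question or the answer): the question's hidden-field pattern beside a version escaped with htmlspecialchars and ENT_QUOTES, with the markup parsed by DOMDocument to show the value a browser would post back. The helper names and the sample comment are constructed for illustration, and the dom extension is assumed to be installed.

```php
<?php
// Constructed sample input, similar in shape to the comment in the question.
$comment = 'The Hot Dog at the Grill was labeled with the "wrong" price, that\'s all';

// Unescaped: same concatenation pattern as the question's confirmation page.
function hidden_field_raw(string $name, string $value): string
{
    return '<input type="hidden" name="' . $name . '" value="' . $value . '">';
}

// Escaped: name and value are encoded for an HTML attribute context.
// ENT_QUOTES covers both double and single quotes.
function hidden_field(string $name, string $value): string
{
    return '<input type="hidden" name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
         . '" value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '">';
}

// Parse the markup the way a browser would and return the value attribute
// of the first <input>, i.e. what would be submitted with the form.
function submitted_value(string $html): string
{
    // The raw variant is malformed HTML; collect parser warnings instead of printing them.
    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body><form>' . $html . '</form></body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $input = $doc->getElementsByTagName('input')->item(0);
    return $input === null ? '' : $input->getAttribute('value');
}

$raw  = submitted_value(hidden_field_raw('comments', $comment));
$safe = submitted_value(hidden_field('comments', $comment));

echo "unescaped field posts back: ", $raw, "\n";   // cut off at the first double quote
echo "escaped field posts back:   ", $safe, "\n";  // full comment, quotes intact
echo "round trip intact: ", var_export($safe === $comment, true), "\n";
```

The browser decodes the entities before it submits the form, so the receiving script gets the original text back and a plain-text email body needs no htmlspecialchars_decode call.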
