Chevy

I own this site, that has profiles, and as of now, I only use BBCode to let users edit their page. I want to make it so they can use HTML, but how can I make it so that it bans bad things, that could put my site at risk. Thanks

Thanks a ton

I am trying to get the top 10 rows out of a table in MySQL. The thing is I want the top 10 rows of usernames... $stuff = mysql_query("SELECT MAX(`username`) AS `username` FROM `stuff` LIMIT 10"); while ($top = mysql_fetch_array($stuff)){ echo '<hr>'.$top['username'].'<hr>'; } So if there were 4 rows with the same username i would be above the one with rows of one username. Make sense?

Is it possible for a person to put a cookie in a tag like this. <b onclick="document.location.href='http://google.com' javascript: document.cookie">hello</b>

Ah, okay Got it to work! Thanks a ton again

I did this: function handle_img_bbcode($matches){ $url = $matches[1]; list($width, $height) = getimagesize($url); if ($width > 450){ error("Image To Large!", "Your image is over 450 pixels wide.", ""); } if ($height > 600){ error("Image To Large!", "Your image is over 600 pixels tall.", ""); } } And it does not work... I also added: $input = preg_replace_callback("`\[img\]([\w]*[:\/\/]*[\w\.\?\/&=\;, \-@%\?]+)\[/img\]`isU", 'handle_img_bbcode', $input); To my bbCode function.

Oh, I see it xD Thanks a ton, I will try it now...

So my varible is like this: $message = bbCode(filter($_POST['message'])); It would have to be $message = handle_img_bbcode(bbCode(filter($_POST['message']))); Correct?

Yea I have a question; how would I make it work in this function? function bbCode($input){ $input = strip_tags($input); $bbcodes = array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[img=',']'); $htmlbbcodes = array ('<b>','</b>','<i>','</i>','<u>','</u>','<img src="','" />'); $input = str_replace($bbcodes, $htmlbbcodes, $input); return $input; }

Well you see I don't want images being over 400px because the images are used on the forums and if they are to big it stretches the boards and stuff... I just want it to display an error if the image height is over 600px and the width is over 450px... But you see I don't know how to get the image from a string... The string could look like this: Hey everyone I just wanted you guys to see my new pic. [img=imageurl] So you know, comment me back or something Does that make it more clear?

Any solutions?

Okay, I have a bbCode function on my site... function bbCode($input){ $input = strip_tags($input); $bbcodes = array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[img=',']'); $htmlbbcodes = array ('<b>','</b>','<i>','</i>','<u>','</u>','<img src="','" />'); $input = str_replace($bbcodes, $htmlbbcodes, $input); return $input; } So I am wondering, if the enter their string which can be like "Blah aha blah IMAGE bla bal blah blah blah" How can I get the image URL out of that and check the size of it in my bbCode function? Thanks a lot!

Wow... I should uh, never show my face to the world again. That was the problem. Thanks. I am still shocked at how stupid I was. Sorry guys.

Heh now it wants to give me an error... Unknown column 'Chevy' in 'where clause' ...oh really...? What is that telling me exactly? xD

$friend_select = mysql_query("SELECT * FROM `friends` WHERE (`from`='$global[username]' AND `accepted`='Yes') OR (`to`='$global[username]' AND `accepted`='Yes')"); $requests_select = mysql_query("SELECT * FROM `friends` WHERE `to`='$global[username]' AND `accepted`='No'"); mysql_query("UPDATE `users` SET `friendalert`='0' WHERE `username`='$global[username]'"); //Just HTML stuff till line 81 if (mysql_num_rows($friend_select) == "0"){ echo '<font color="red"><b>You do not have any friends at the moment </b></font>'; } else { while ($yourfriends = mysql_fetch_array($friends_select)){ That all it looks like 0_o, this is really weird.

This is what it outputted

Heh true there I get this error, which I still have no clue what is wrong? #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'mysql_query("SELECT * FROM `friends` WHERE `from`='Chevy' AND `accepted`='Yes'

This is kind of urgent :/ Sorry to rush things.

Okay, so I am making a friends script, and this is the query giving me hell $friend_select = mysql_query("SELECT * FROM `friends` WHERE (`from`='$global[username]' AND `accepted`='Yes') OR (`to`='$global[username]' AND `accepted`='Yes') "); Any ideas?

Oh wow, thank you so much fenway! You are a really great help I wish I was better at MySQL haha. Have a nice day, and thanks again Works perfectly!

And this would be for the $uitem_select or $trader?

I know why I am not getting this... The first query goes into the while loop...like so: $uitem_select = mysql_query("SELECT `id` FROM `useritems` WHERE `itemid`='$itemiid' AND `location`='Gone'"); while ($searchitem = mysql_fetch_array($uitem_select)){ $trader = mysql_query("SELECT `id`,`owner` FROM `trades` WHERE `item1`='$searchitem[id]' OR `item2`='$searchitem[id]' OR `item3`='$searchitem[id]' OR `item4`='$searchitem[id]' OR `item5`='$searchitem[id]' OR `item6`='$searchitem[id]' GROUP BY `id`") or die(mysql_error()); $tradebarray = mysql_fetch_array($trader); if ($tradebarray['id'] == NULL){ echo ''; } else { echo 'ID: '.$tradebarray[id].'<br>'; } }

Yea I am stumped, I do not know how to do this

Ah okay, ill look at that I never really have used JOIN before...

Hm, okay...want to lead me in the direction of that? xD