yes i found it ...damn...i found it.....but i cant block them from sending "URL" s but have found a simple way for me not to display their URL comments.
here we go....you are welcome to help make the code more stronger.
// execute query
$query = "SELECT name,comment,the_time,date FROM comments.vw_comments";
$result = pg_exec($dbh, $query);
if ($result) {
echo "<table width=300>";
for ($row = 0; $row < pg_numrows($result); $row++) {
$name = pg_result($result, $row, 'name') . " ";
$comment = pg_result($result, $row, 'comment') . " ";
$the_time = pg_result($result,$row, 'the_time'). " ";
$date = pg_result($result,$row, 'date'). " ";
$comment = preg_replace('/<[^>]*>/', '', $comment);
echo "<tr>";
echo "<td bgcolor=edecf1 width=300 style=font-size:8.0pt>";
echo "<img src=site_pics/comment.png><span style=color:#0000A0><b>$name</b>:</span>$comment<br /><span style=color:#7f7f81>$date $the_time</span>";
echo "</td>";
echo "</tr>";
//echo "<tr><td style='border-bottom: 15px solid #ffffff'><img src='application/images/for_fun.jpg'></td></tr>";
}
echo "</table>";
} else {
echo "The query failed with the following error:<br>\n";
echo pg_errormessage($dbh);
}