[SOLVED] My code is adding extra things it shouldn`t

[djfox]

It`s still messed up.

 

The reason why I`m allowing html to be entered is because if people get the virtual pets/adoptables, they want places to display them. It requires html to be able to do that. It bothers me that for whatever my site has coding problems every time I turn around while these other sites have no problems. The only time anything gets changed with the site (on my end) is me changing the codes to try and correct a problem that has popped up. I can`t afford a programmer and I`m not surrendering my site`s ownership partially to another person.

 

So I dunno. >.<; This is annoying and very irritating.

[DarkWater]

Okay, I just tried this on my server, and this works.  It removes all the slashes and quotes in URLs, but not from the HREF attributes and stuff.  Try it, it should work.

<?php
$userstuff = explode("\"", $user[25]);
$notallowed = array("\\", "\"");
$count = 0;
foreach ($userstuff as $v) {
if (strpos($v, array("http://", "www", "</a>")) !== FALSE) {
   $v = str_ireplace($notallowed, "", urldecode($v));
}
if ($count == 0) {
$newuser[] = $v;

}
elseif ($count == count($userstuff)) {
$newuser[] = $v;
}
else {
$newuser[] = "\"" . $v . "\"";
}

$count++;
}
echo implode("", $newuser);
?>

 

Sorry about the other one, it errored out.  I just fixed this one and it works.  Put this whole block in for <?php echo $user[25]?>.

Wherever that line appears (I don't know, lol), put that.

[djfox]

Still doesn`t work. @_@;; It still wants to enter urls as "http://secrettrance.net/%5C%22%22http://www.pokeplushies.com/images/adoptables/321731.gif%5C%22%22".

[djfox]

Know of any reliable "free" scripts I could get that would allow this stuff to go through bug-free?

The WYSIWYG was one of those and for the longest time worked (which is what is being currently used).

Or of any alternatives I can do to make this work?

[DarkWater]

It's horridly messed up as it is, and no free script can fix design flaws.  You need a seperate pets table, and don't let them enter HTML into the pets box...Then can destroy the layout.  And just have them enter a URL and add it in to the pets table with the user_id as the thing that will identify then. 

 

I mean, if I spent a long time looking at it and trying to write a really convoluted string function, I could do it, but it's better to just use good coding practice.

[djfox]

But other sites allow this (such as deviantart and ponyisland). Using html used to work for my site. What happened?

 

What could I use for the form to check for html codes before it processes the form, and if there is any html, it would return with "No html allowed"?

And what about blocking certain html codes? I need some html permissible for the literature submissions.

[DarkWater]

strip_tags($_POST['text'], "<p><br /><br><b><i>");

 

=P  Put in the tags you want to allow as the second argument.  ONLY the starting tag.

 

Edited.

[djfox]

Would I put permissible html tags one on each line or one right after the other?

[DarkWater]

Right after each other.  This stupid WYSIWYG editor on THIS site turned all my example tags into styles on my post.  Let me repost it in code tags. >_>

[djfox]

And here`s the kick in the pants:

I have another site hosted with the same company that uses all the same codes as what my in question uses, and that second site has no problems. It uses WYSIWYG as well.

[DarkWater]

Did someone enter something unexpected and it just handled it wrong?  You never know what someone's going to enter.

[djfox]

True that, you never know.

But what I posted to you is what I was entering in into the form. If I post the same thing on the other site it works. x_x;

Example here: http://aplaceforpets1.com/page.php?id=11

(I have to remove that soon though but if you scroll down a bit you will see al the images and everything working properly there.)

 

And just to be sure I fully understand what I`m doing, I would enter the code as:

$text=strip_tags($_POST['text'], "<p><br /><br><b><i>");
mysql_query("UPDATE userdata SET pet_s='$text' WHERE id='$id'");

Correct?

[DarkWater]

HA I FOUND MY MISTAKE.  WOOT.  OKAY THIS WORKS. @_@  I just tried it on my server with the EXACT output you gave to me (with all the \ and stuff) and got it to work with your images PERFECTLY.  Put this and tell me what happens.

 

$userstuff = explode("\"", $user[25]);

$notallowed = array("\\", "\"");

$count = 0;

foreach ($userstuff as $v) {

 

  $v = str_ireplace($notallowed, "", urldecode($v));

 

if ($count == 0) {

$newuser[] = $v;

 

}

elseif ($count == count($userstuff)) {

$newuser[] = $v;

}

else {

$newuser[] = "\"" . $v;

}

 

$count++;

}

echo (implode("", $newuser));

?>

 

[djfox]

All right, that seems to do the trick. ^^ Now since this info will be updated frequently, can this also be applied to the textarea for proper display there?

[DarkWater]

Uhh....ya.  It's a good thing I'm pretty good with string functions. xD  So annoying sometimes. @_@

[djfox]

It IS a good thing. I certainly would have never figured this out. Thanks much for having patience with me and sticking with this to help me out!

[DarkWater]

Ha, no problem.  Feel free to ask more questions if you ever have to. 

 

You might want to click Topic Solved in the bottom...left of the topic.