Jump to content

Archived

This topic is now archived and is closed to further replies.

scheols

Ok My shoutBox Is In Secure and people can submit scripts and hack my box

Recommended Posts

can anyone tell me how i could replace the > and < tag letters with str_replace


ive tryed replacing it but i can get it can someone edit this and fix it would be a much help

[code]
<?php
if($entrytext){
$post="<";
$old="<";
$new="&lt;";
echo str_replace($old,$new,$post);
}
?>
<?php
mysql_connect("localhost","scheols_myblog","mypassword");
mysql_select_db("scheols_myblog");
$query ="SELECT entrytitle, entrytext FROM myblog ORDER BY entrydate DESC LIMIT 10";
$result=mysql_query($query) or die(mysql_error());
while (list($entrytitle,$entrytext,$entrydate) =
mysql_fetch_row($result)) {
echo "<dt><b>$entrytitle Says: $entrydate</b></dt>";
echo "<dd>$entrytext</dd>";
  }
?>


<H1>Add an Entry</H1>
<form method="POST" action="addintry.php">
<b>Name:</b><br>
<input type="text" name="entrytitle"><br>
<b>Post Your Entry:</b><br>
<textarea cols="60" rows="6" name="entrytext">
</textarea>
<input type="submit" name="submit" value="Submit">
</form>
</dl>

</body>
</html>
[/code]

Share this post


Link to post
Share on other sites
Use the htmlentities() function which replaces all html special characters with their non-harmful entity equivalent.

Share this post


Link to post
Share on other sites
[quote author=scheols link=topic=99921.msg393806#msg393806 date=1152408802]
how can i get it 2 work with my form -_-
[/quote]
You coded all that but you don't know how to add the htmlentities() function? Anyways, replace these two lines:

[code]
echo "<dt><b>$entrytitle Says: $entrydate</b></dt>";
echo "<dd>$entrytext</dd>";
[/code]

with:

[code]
echo '<dt><b>'.htmlentities($entrytitle).' Says: '.$entrydate.'</b></dt>';
echo '<dd>'.htmlentities($entrytext).'</dd>';
[/code]

Share this post


Link to post
Share on other sites
works nicly thanks sorry im still a noob this took me all day 2 get working.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.