
Ok My shoutBox Is Insecure and people can submit scripts and hack my box


4 replies to this topic

#1 scheols


Posted 09 July 2006 - 01:13 AM

Can anyone tell me how I could replace the > and < tag letters with str_replace?

I've tried replacing it but I can't get it. Can someone edit this and fix it? It would be much help.

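<?php
// Attempted fix: this only converts the literal "<" held in $post, not the submitted entry text
if ($entrytext) {
    $post = "<";
    $old = "<";
    $new = "&lt;";
    echo str_replace($old, $new, $post);
}
?>
<?php
mysql_connect("localhost", "scheols_myblog", "mypassword");
mysql_select_db("scheols_myblog");
// entrydate is selected as well, so that list() below receives all three columns
$query = "SELECT entrytitle, entrytext, entrydate FROM myblog ORDER BY entrydate DESC LIMIT 10";
$result = mysql_query($query) or die(mysql_error());
while (list($entrytitle, $entrytext, $entrydate) = mysql_fetch_row($result)) {
    // Entries are echoed without escaping, so submitted markup is rendered as HTML
    echo "<dt><b>$entrytitle Says: $entrydate</b></dt>";
    echo "<dd>$entrytext</dd>";
}
?>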


<H1>Add an Entry</H1>
<form method="POST" action="addintry.php">
<b>Name:</b><br>
<input type="text" name="entrytitle"><br>
<b>Post Your Entry:</b><br>
<textarea cols="60" rows="6" name="entrytext">
</textarea>
<input type="submit" name="submit" value="Submit">
</form>
 </dl>

 </body>
</html>

Don't Piss me Off today

#2 Kurt


Posted 09 July 2006 - 01:15 AM

Use the htmlentities() function, which replaces all HTML special characters with their non-harmful entity equivalents.

#3 scheols


Posted 09 July 2006 - 01:33 AM

How can I get it to work with my form? -_-

#4 Kurt


Posted 09 July 2006 - 01:35 AM

scheols said: "How can I get it to work with my form? -_-"

You coded all that but you don't know how to add the htmlentities() function? Anyways, replace these two lines:

echo "<dt><b>$entrytitle Says: $entrydate</b></dt>";
echo "<dd>$entrytext</dd>";

with:

echo '<dt><b>'.htmlentities($entrytitle).' Says: '.$entrydate.'</b></dt>';
echo '<dd>'.htmlentities($entrytext).'</dd>';
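
The fix from this reply as a self-contained script, added here as an example and not code posted in the thread: it escapes every value at output time with htmlentities() and shows why replacing only < and > (the first post's idea) falls short once a value lands inside an attribute. The helper names e(), bracketsOnly() and renderEntry() and the sample rows are assumptions.

```php
<?php
// Added example; $rows is constructed sample data standing in for the
// rows mysql_fetch_row() returned in the original page.

// Hypothetical helper: escape one value for HTML output.
function e($value)
{
    // Flags and charset are passed explicitly so the result does not depend
    // on PHP-version defaults. ENT_QUOTES also converts ' and ".
    return htmlentities((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The approach from the first post: replace only the angle brackets.
function bracketsOnly($value)
{
    return str_replace(array('<', '>'), array('&lt;', '&gt;'), $value);
}

// Build one shoutbox entry with every database value escaped at output time.
function renderEntry(array $row)
{
    list($title, $text, $date) = $row;
    return '<dt><b>' . e($title) . ' Says: ' . e($date) . "</b></dt>\n"
         . '<dd>' . e($text) . "</dd>\n";
}

$rows = array(
    array('alice', 'hello & welcome', '2006-07-09'),
    array('bob', '<b>bold</b> <script>alert(1)</script>', '2006-07-09'),
    array('carol" title="injected', 'hi', '2006-07-09'),
);

foreach ($rows as $row) {
    echo renderEntry($row); // markup in the data is shown as text, not run
}

// Inside an attribute the double quote matters as much as < and >.
$name = $rows[2][0];
// Brackets-only leaves the quote alone, so the value is cut short at "carol"
// and the rest of the string is parsed as a second attribute.
echo '<input name="entrytitle" value="' . bracketsOnly($name) . "\">\n";
// With e() the quote is emitted as an entity and stays inside value.
echo '<input name="entrytitle" value="' . e($name) . "\">\n";
```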


#5 scheols


Posted 09 July 2006 - 01:39 AM

Works nicely, thanks. Sorry, I'm still a noob; this took me all day to get working.



