substring? User form entry...

[pro_se]

Hello... You know in Myspace when you attempt to put a coldfusion string into an about me page -- it does not parse the coldfusion or does not insert the full code into the database? How can i  do that with php? just taking out '[b]<?php[/b]' and replacing it with '[b]...[/b]'?

[Ninjakreborn]

I would guess html entities, that is what andy told me, and it worked, if you are doing what I think you are trying to do.

[pro_se]

well... i have a about me section on my cms and i dont want people putting in php scripts and having them parse... if you have a good way to do this that would be cool...

[Ninjakreborn]

I you mean some custom programming, here is my idea of a way you could implement something.

Think about html entities.
if you have the symbols for < and > instead then it doesn't run.  Here is what I would probably attempt to do.

1. Have the information you are getting put into a variable
like
$value = $_POST['value']
or something, anything to trap whatever they are submitting into a variable so you can work with it.
now, use some regular expressions to try and find the existence of the php tags, like <?  and <?php, if they find a match, just prevent the script from running, return a validation error at that point, and say no php scripts allowed.

[Ninjakreborn]

Here
The i within the regular expression makes it case ignore, if you want it to be case sensitive, then simply remove it.
[code]<?php
// This will pull out the contents of the php tags.
preg_match_all("/[<\?php]{6}(.*?)[\?>]{3}/i", $StringToSearch, $OutPutArray);
// This will simply test to see if it exists or not.

preg_match("/[<\?php]{6}(.*?)[\?>]{3}/i", $StringToSearch);
?>[/code]

[pro_se]

can u bold what is going to be searched? plz...

[pro_se]

or can u tell me the format for the "  ("/[<\?php]{6}(.*?)[\?>]{3}/i", "stuff

[Ninjakreborn]

This will pull out the contents of the php tags.
preg_match_all("/[<\?php]{6}(.*?)[\?>]{3}/i", [b]$StringToSearch[/b], $OutPutArray);

This will simply test to see if it exists or not.
preg_match("/[<\?php]{6}(.*?)[\?>]{3}/i", [b]$StringToSearch[/b]);

[Ninjakreborn]

That just tests to see, for instance.
This will pull out the contents of the php tags.
preg_match_all("/[<\?php]{6}(.*?)[\?>]{3}/i", $StringToSearch, $OutPutArray);
if you use this one here, then it looks within the string to search for any occurence of <?php stuff ?>
then it extracts whatever is in between <?php ?> and puts it in output array.

This will simply test to see if it exists or not.
preg_match("/[<\?php]{6}(.*?)[\?>]{3}/i", $StringToSearch);
for this down here it simply tests whether those tags exist or not, then you can return a validation error if you choose, or the top one you can just extract the contents, so it runs empty php tags, whichever you choose to do.

[pro_se]

waiiitt... i got it... this works perfect... i sould actually look at the manual before i post... lol.... thanks for the input tho...[code]$string = 'The quick brown fox jumped over the lazy dog.';
$patterns[0] = '/quick/';
$patterns[1] = '/brown/';
$patterns[2] = '/fox/';
$replacements[2] = 'bear';
$replacements[1] = 'black';
$replacements[0] = 'slow';
echo preg_replace($patterns, $replacements, $string);[/code]