Jump to content

Archived

This topic is now archived and is closed to further replies.

pro_se

substring? User form entry...

Recommended Posts

Hello... You know in Myspace when you attempt to put a coldfusion string into an about me page -- it does not parse the coldfusion or does not insert the full code into the database? How can i  do that with php? just taking out '[b]<?php[/b]' and replacing it with '[b]...[/b]'?

Share this post


Link to post
Share on other sites
I would guess html entities, that is what andy told me, and it worked, if you are doing what I think you are trying to do.

Share this post


Link to post
Share on other sites
well... i have a about me section on my cms and i dont want people putting in php scripts and having them parse... if you have a good way to do this that would be cool...

Share this post


Link to post
Share on other sites
I you mean some custom programming, here is my idea of a way you could implement something.

Think about html entities.
if you have the symbols for < and > instead then it doesn't run.  Here is what I would probably attempt to do.

1. Have the information you are getting put into a variable
like
$value = $_POST['value']
or something, anything to trap whatever they are submitting into a variable so you can work with it.
now, use some regular expressions to try and find the existence of the php tags, like <?  and <?php, if they find a match, just prevent the script from running, return a validation error at that point, and say no php scripts allowed.

Share this post


Link to post
Share on other sites
Here
The i within the regular expression makes it case ignore, if you want it to be case sensitive, then simply remove it.
[code]<?php
// This will pull out the contents of the php tags.
preg_match_all("/[<\?php]{6}(.*?)[\?>]{3}/i", $StringToSearch, $OutPutArray);
// This will simply test to see if it exists or not.

preg_match("/[<\?php]{6}(.*?)[\?>]{3}/i", $StringToSearch);
?>[/code]

Share this post


Link to post
Share on other sites
or can u tell me the format for the "  ("/[<\?php]{6}(.*?)[\?>]{3}/i", "stuff

Share this post


Link to post
Share on other sites
This will pull out the contents of the php tags.
preg_match_all("/[<\?php]{6}(.*?)[\?>]{3}/i", [b]$StringToSearch[/b], $OutPutArray);

This will simply test to see if it exists or not.
preg_match("/[<\?php]{6}(.*?)[\?>]{3}/i", [b]$StringToSearch[/b]);

Share this post


Link to post
Share on other sites
That just tests to see, for instance.
This will pull out the contents of the php tags.
preg_match_all("/[<\?php]{6}(.*?)[\?>]{3}/i", $StringToSearch, $OutPutArray);
if you use this one here, then it looks within the string to search for any occurence of <?php stuff ?>
then it extracts whatever is in between <?php ?> and puts it in output array.

This will simply test to see if it exists or not.
preg_match("/[<\?php]{6}(.*?)[\?>]{3}/i", $StringToSearch);
for this down here it simply tests whether those tags exist or not, then you can return a validation error if you choose, or the top one you can just extract the contents, so it runs empty php tags, whichever you choose to do.

Share this post


Link to post
Share on other sites
waiiitt... i got it... this works perfect... i sould actually look at the manual before i post... lol.... thanks for the input tho...[code]$string = 'The quick brown fox jumped over the lazy dog.';
$patterns[0] = '/quick/';
$patterns[1] = '/brown/';
$patterns[2] = '/fox/';
$replacements[2] = 'bear';
$replacements[1] = 'black';
$replacements[0] = 'slow';
echo preg_replace($patterns, $replacements, $string);[/code]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.