bigrossco Posted January 7, 2007 Share Posted January 7, 2007 is their anyway of stopping scripts being added to forms? Quote Link to comment https://forums.phpfreaks.com/topic/33198-forms/ Share on other sites More sharing options...
weknowtheworld Posted January 7, 2007 Share Posted January 7, 2007 Please explain in detail. I did not understood. Quote Link to comment https://forums.phpfreaks.com/topic/33198-forms/#findComment-154978 Share on other sites More sharing options...
bigrossco Posted January 7, 2007 Author Share Posted January 7, 2007 ok, i have a forum setup which links into a MySQL Database and just wondering if their is any way possible to stop a user placing a script in to the text area of the form? Quote Link to comment https://forums.phpfreaks.com/topic/33198-forms/#findComment-155040 Share on other sites More sharing options...
fenway Posted January 7, 2007 Share Posted January 7, 2007 Do you mean have the script run when the text area is next populated? Quote Link to comment https://forums.phpfreaks.com/topic/33198-forms/#findComment-155238 Share on other sites More sharing options...
AXiSS Posted January 8, 2007 Share Posted January 8, 2007 I think he means that he wants to prevent users from placing scripts in the form. Quote Link to comment https://forums.phpfreaks.com/topic/33198-forms/#findComment-155482 Share on other sites More sharing options...
DarkendSoul Posted January 8, 2007 Share Posted January 8, 2007 How about we do something to embarrass who ever does it, allow them to put code but it wont be functional. From the sounds of it you do have PHP, so do this.[code]<?phpfunction replace_tags($string) { $html = array("<", ">"); $text = array("<", ">"); return str_replace($html, $text, $string);}?>[/code]Just make sure the forum runs through this before the information is actually added. It will make it so < and > show up as letters and don't turn into code. This will also help anyone asking questions about how to do something in HTML and them needing an HTML answer.Usage:[code]<?php// Example 1$text="<HTML></HTML>";echo replace_tags($text);// Output : <HTML></HTML>// As text not actual html.// Example 2echo replace_tags("<HTML></HTML>");// Output : <HTML></HTML>// As text not actual html.?>[/code] Quote Link to comment https://forums.phpfreaks.com/topic/33198-forms/#findComment-155498 Share on other sites More sharing options...
fenway Posted January 8, 2007 Share Posted January 8, 2007 I didn't think textareas executed scripts, though all of the suggestions made above are, of course, appropriate. Quote Link to comment https://forums.phpfreaks.com/topic/33198-forms/#findComment-156083 Share on other sites More sharing options...
bigrossco Posted January 12, 2007 Author Share Posted January 12, 2007 the text areas as far as I know dont, the problem is when users input the text into the text area and the results are displayed on a page but I have now managed to get it fixed :) Quote Link to comment https://forums.phpfreaks.com/topic/33198-forms/#findComment-159207 Share on other sites More sharing options...
nogray Posted January 12, 2007 Share Posted January 12, 2007 you always can use regular expression to remove the script tags, or just change the script tag using phpfor example[code]<?PHP $text = str_replace(array("<script", "<SCRIPT", "<Script"), "<!-- ", $text); $text = str_replace(array("</script>", "</SCRIPT>", "</Script>"), " -->", $text);?>[/code] Quote Link to comment https://forums.phpfreaks.com/topic/33198-forms/#findComment-159547 Share on other sites More sharing options...
AXiSS Posted January 13, 2007 Share Posted January 13, 2007 Can't you just do<?php $final_var = htmlspecialchars($original_var); ?>to replace < and > with < and >? Quote Link to comment https://forums.phpfreaks.com/topic/33198-forms/#findComment-159690 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.