DeathStar Posted March 24, 2007 Share Posted March 24, 2007 Hi there. I want to find out a few things: How can I get/diplay dates in a format 26:02 20/03/2006?? How does this magic quotes work to block things liek: <script> <table> <html> etc.. so var im only getting to: magic_quotes_gpc = On Quote Link to comment Share on other sites More sharing options...
fert Posted March 24, 2007 Share Posted March 24, 2007 How does this magic quotes work to block things liek: magic_quotes doesn't block anything it just inserts slashes to prevent sql injection attacks. How can I get/diplay dates in a format 26:02 20/03/2006?? http://us3.php.net/manual/en/function.date.php Quote Link to comment Share on other sites More sharing options...
DeathStar Posted March 24, 2007 Author Share Posted March 24, 2007 ok but what can i get to block out html/ php tags. Blocked sql injections from start useing: mysql_real_escape_string() Quote Link to comment Share on other sites More sharing options...
Kerblam Posted March 24, 2007 Share Posted March 24, 2007 The date format: date("H:i d/m/Y"); Quote Link to comment Share on other sites More sharing options...
DeathStar Posted March 24, 2007 Author Share Posted March 24, 2007 or: $time = date('U'); Got thanks thanks but hwo can i block those nasty other things ex: <table> etc.. or hwo can i remove it? Quote Link to comment Share on other sites More sharing options...
fert Posted March 24, 2007 Share Posted March 24, 2007 strip_tags Quote Link to comment Share on other sites More sharing options...
DeathStar Posted March 24, 2007 Author Share Posted March 24, 2007 Thanks Quote Link to comment Share on other sites More sharing options...
DeathStar Posted March 24, 2007 Author Share Posted March 24, 2007 Now i got a problem: It strips things like <script> but i put an if in to die if it has that but doesnt seem to work: e $name2 = $_POST['name']; if (strip_tags($name2)){ die("Contained Tags");} else { $name1 = $name2;} $name = mysql_real_escape_string($name1); $reson2 = $_POST['reson']; if (strip_tags($reson2)){ die("Contained Tags");} else { $reson1 = $reson2;} $reson = mysql_real_escape_string($reson1); $status2 = $_POST['status']; if (strip_tags($status2)){ die("Contained Tags");} else { $status1 = $status2;} $status = mysql_real_escape_string($status1); $email2 = $_POST['email']; if (strip_tags($email2)){ $email1 = "Removed. Contained Tags";} else { $email1 = $email2;} $email = mysql_real_escape_string($email1); $ip2 = $_POST['ip']; if (strip_tags($ip2)){ die ("Contained Tags");} else { $ip1 = $ip2;} $ip = mysql_real_escape_string($ip1); $whois2 = $_POST['whois']; if (strip_tags($whois2)){ die ("Contained Tags");} else { $whois1 = $whois2;} $whois = mysql_real_escape_string($whois1); $date2 = date("H:i d/m/Y"); $date1 = strip_tags($date2); $date = mysql_real_escape_string($date1); $about2 = $_POST['about']; if (strip_tags($about2)){ die ("Contained Tags");} else { $about1 = $about2;} $about = mysql_real_escape_string($about1); $affected2 = $_POST['affected']; if (strip_tags($affected2)){ die ("Contained Tags");} else { $affected1 = $affected2;} $affected = mysql_real_escape_string($affected1); Quote Link to comment Share on other sites More sharing options...
Lumio Posted March 24, 2007 Share Posted March 24, 2007 please use tabs/spaces to make your code more readable like this: <?php if ($var == 1) { echo 'ok'; } ?> Quote Link to comment Share on other sites More sharing options...
fert Posted March 24, 2007 Share Posted March 24, 2007 Please read the page on strip_tags Quote Link to comment Share on other sites More sharing options...
cmgmyr Posted March 24, 2007 Share Posted March 24, 2007 please use tabs/spaces to make your code more readable like this: ***you also have to put in the <?php ?> tags Quote Link to comment Share on other sites More sharing options...
DeathStar Posted March 24, 2007 Author Share Posted March 24, 2007 lumo, you starting to sound like my one friend lol SO i am supposed to get the query's and display it liek this: $query = mysql_query("SELECT * FROM `table`"); $q = mysql_fetch_array($query); echo "<table><tr><td>Name</td></tr>"; echo "<tr><td>"; echo strip_tags($q['name']); echo "</td></tr></table>"; ?? Quote Link to comment Share on other sites More sharing options...
Lumio Posted March 24, 2007 Share Posted March 24, 2007 lumo, you starting to sound like my one friend lol aha? what does he says? Quote Link to comment Share on other sites More sharing options...
DeathStar Posted March 24, 2007 Author Share Posted March 24, 2007 Arg.. Beatify your code Quote Link to comment Share on other sites More sharing options...
cmgmyr Posted March 24, 2007 Share Posted March 24, 2007 Well it does...think of it like putting the [ code ] blocks in your posts Quote Link to comment Share on other sites More sharing options...
DeathStar Posted March 24, 2007 Author Share Posted March 24, 2007 yea yea.. I did it that way now but i am getting this error: Fatal error: Call to undefined function: stript_tags() in /home/deathsta/public_html/index.php on line 72 Here is my code aka beautified: $sm = mysql_query("SELECT * FROM tablename ORDER BY $by $ord LIMIT 100"); $no1 = $st + 1; $no2 = $st + 100; print "<font color=white>Showing $no1 to $no2 by order of $by $ord. <table width='533' height='21' border='0' align='center' cellpadding='0' cellspacing='1' bordercolor='#000000' bgcolor='#FF0000'> <tr> <td width='100'><div align='center'><span class='style5'>Name</span></div></td> <td width='200'><div align='center'><span class='style5'>Reson</span></div></td> <td width='80'><div align='center'><span class='style5'>Status</span></div></td> <td width='200'><div align='center'><span class='style5'>E-mail</span></div></td> <td width='200'><div align='center'><span class='style5'>IP</span></div></td> <td width='120'><div align='center'><span class='style5'>Added:</span></div></td> <td width='1200'><div align='center'><span class='style5'>Links</span></div></td> </tr>"; while ($s = mysql_fetch_array($sm)) { print "<tr class=\"off\" onmouseover=\"this.className='on'\" onmouseout=\"this.className='off'\"> <td><font color=#333333>"; echo stript_tags($s['name']); echo "</td>"; echo "<td>"; $str = ($s['reson']); if (strlen($str) <= 6) { echo stript_tags($str); echo "</td>"; } else { $substr = substr($str, 0, 6); echo stript_tags($substr); echo "..."; echo "</td>"; } if ($s['status'] == 0) { print "<td bgcolor=white><font color=#333333>None</td>"; } elseif ($s['status'] == 1) { print "<td bgcolor=yellow><font color=#333333>Abuser</td>"; } elseif ($s['status'] == 2) { print "<td bgcolor=orange><font color=#333333>Beware</td>"; } elseif ($s['status'] == 3) { print "<td bgcolor=red><font color=#333333>Ban</td>"; } echo "<td><font color=#333333>"; echo stript_tags($s['email']); echo "</td> <td><font color=#333333>"; echo stript_tags($s['ip']); echo "</td> <td><font color=#333333>"; echo stript_tags($s['date']); echo "</td> <td><center><font color=#333333><a href='http://www.google.com/search?q={$s['name']}' target='_new' class='mystl'><img src='google.gif' alt='load' /></a> <a href='http://www.yahoo.comsearch?p={$s['name']}'><img src='yahoo.gif'></a> <font color=#333333><a href='index.php?user={$s['sid']}' class='mystl'><img src='view.gif'></a></td> </tr>"; } print "</table>"; Quote Link to comment Share on other sites More sharing options...
DeathStar Posted March 24, 2007 Author Share Posted March 24, 2007 And it helps if i can spell eh? strip_tags not stript_tags But now how can i make it display a message like Text removed if the strip_tags removed the html command? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.