Jump to content

Recommended Posts

closes

 

this is untested

 

<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong>11111 | <a href="guestbook.php">Rate</a> </strong></td>
</tr>
</table>
<br>

<?php


function filter($string)
{
  $pattern[0] = "/ass/"; //<--MUST have /'s
  $pattern[1] = "/badword2/";
  $pattern[2] = "/badword3/";
  $replacement[0] = "####";
  $replacement[1] = "####";
  $replacement[2] = "####";
  return preg_replace($pattern, $replacement, $string);
}


$host=localhost; // Host name 
$username = tony; // Mysql username 
$password = billy; // Mysql password 
$db_name = test; // Database name 
$tbl_name=clearbook; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect server "); 
mysql_select_db("$db_name")or die("cannot select DB");

$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);

while($rows=mysql_fetch_array($result)){

?>



<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td><table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td>ID</td>
<td>:</td>
<td><?php echo $rows['id']; ?></td>
</tr>
<tr>
<td width="117">Name</td>
<td width="14">:</td>
<td width="357"><?php echo $rows['name']; ?></td>
</tr>
<tr>
<td valign="top">Subject</td>
<td valign="top">:</td>
<td><?php echo filter($rows['subject']); ?></td>
</tr>
<tr>
<td valign="top">Comment</td>
<td valign="top">:</td>
<td><?php echo filter($rows['comment']); ?></td>
</tr>
<tr>
<td valign="top">Date/Time </td>
<td valign="top">:</td>
<td><?php echo $rows['datetime']; ?></td>
</tr>
</table></td>
</tr>
</table>
<BR>



<?php
}
mysql_close(); //close database

?>


</body>
</html>

 

 

EDIT updated filter

 

here is the code for the viewguestbook.php

 

<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong>11111 | <a href="guestbook.php">Rate</a> </strong></td>
</tr>
</table>
<br>

<?php

function filter($string)
{
  $pattern[0] = fuck;
  $pattern[1] = ass;
  $pattern[2] = shit;
  $replacement[0] = beep;
  $replacement[1] = beep;
  $replacement[2] = beep;
  return preg_replace($pattern, $replacement, $string);
}



$host=localhost; // Host name 
$username = tony; // Mysql username 
$password = tony; // Mysql password 
$db_name = test; // Database name 
$tbl_name=clearbook; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect server "); 
mysql_select_db("$db_name")or die("cannot select DB");

$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);

while($rows=mysql_fetch_array($result)){

?>



<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td><table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td>ID</td>
<td>:</td>
<td><?php echo $rows['id']; ?></td>
</tr>
<tr>
<td width="117">Name</td>
<td width="14">:</td>
<td width="357"><?php echo $rows['name']; ?></td>
</tr>
<tr>
<td valign="top">Subject</td>
<td valign="top">:</td>
<td><?php echo $rows['subject']; ?></td>
</tr>
<tr>
<td valign="top">Comment</td>
<td valign="top">:</td>
<td><?php echo $rows['comment']; ?></td>
</tr>
<tr>
<td valign="top">Date/Time </td>
<td valign="top">:</td>
<td><?php echo $rows['datetime']; ?></td>
</tr>
</table></td>
</tr>
</table>
<BR>



<?php
}
mysql_close(); //close database
?>




</body>
</html>

i was right you missed the

 

<td><?php echo filter($rows['subject']); ?></td>

and

<td><?php echo filter($rows['comment']); ?></td>

 

 

also

you missed the quotes and the pattens MUST have /'s

 

see below

<?php
function filter($string)
{
  $pattern[0] = "/fuck/";
  $pattern[1] = "/ass/";
  $pattern[2] = "/shit/";
  $replacement[0] = "beep";
  $replacement[1] = "beep";
  $replacement[2] = "beep";
  return preg_replace($pattern, $replacement, $string);
}
?>

you got it!!! i think this topic is solved!!! now i'm back to the blocking of my username and password i understand what you gave me but ........ well i guess i really don't. i jsut don't see how to incorperate this in cause when someone goes to view source they will still see it right??

nope, anything in the <?php ?> brackets are parsed, this means processed by the php engine, unless you put the password outside the <?php ?> or print it to screen ie echo $password it will not be displayed

 

try this test

nope

 

try this

 

<?php
$user = "ME";
$password "TEST";

if($password == "TEST")
{
echo "hello world";
}

?>

 

create that as a file and view source ;)

 

 

all you will see in the source is

hello world

 

 

OH unless the php engine fails and treats php files as text, but then again theirs a little chance of that happening without the whole server going down ;)

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.