
[SOLVED] simple guestbook not so simple


ball420


closes

 

this is untested

 

<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong>11111 | <a href="guestbook.php">Rate</a> </strong></td>
</tr>
</table>
<br>

<?php


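/**
 * Masks the listed words in $string with "####".
 *
 * Every pattern is a PCRE regex, so it has to be wrapped in delimiters (the /'s).
 * The \b anchors restrict each match to a whole word, so "class" or "password"
 * are left alone, and the i flag makes the match case-insensitive so "ASS" is
 * caught as well. Inflected forms need their own entries.
 *
 * This is a cosmetic word filter only: it does not make text safe to print as
 * HTML, so the result still has to be escaped where it is echoed.
 *
 * @param string $string Text to filter.
 * @return string|null Filtered text, or null if preg_replace() reports an error.
 */
function filter($string)
{
  $pattern = array(
    '/\bass\b/i', //<--MUST have /'s
    '/\bbadword2\b/i',
    '/\bbadword3\b/i',
  );

  // A single replacement string is applied to every pattern in the list.
  return preg_replace($pattern, '####', $string);
}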


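// Connection settings. These are quoted string literals: a bare word such as
// localhost is an undefined constant, which older PHP only tolerated with a
// notice and PHP 8 rejects with an Error.
// NOTE(review): the credentials are hard-coded in a page that lives under the
// web root. They are not sent to the browser while PHP executes the file, but
// they would be if the file were ever served as plain text; a config file
// outside the document root avoids that.
$host = 'localhost'; // Host name
$username = 'tony'; // Mysql username
$password = 'billy'; // Mysql password
$db_name = 'test'; // Database name
$tbl_name = 'clearbook'; // Table name

// Connect to server and select database.
// NOTE(review): the mysql_* extension is deprecated and was removed in PHP 7;
// mysqli or PDO is the replacement. Kept here to match the rest of the thread.
mysql_connect($host, $username, $password) or die("cannot connect server ");
mysql_select_db($db_name) or die("cannot select DB");

// $tbl_name is the fixed value assigned above, not request input.
$sql = "SELECT * FROM $tbl_name";
$result = mysql_query($sql);
if ($result === false) {
  // mysql_query() returns false on failure; looping over that would only warn.
  die("cannot read guestbook");
}

// Guestbook rows hold whatever visitors typed, so every field is escaped for
// HTML before it is printed. The word filter runs first, the escaping last.
// Assumes the page is served as UTF-8 -- adjust the charset argument if not.
while ($rows = mysql_fetch_array($result)) {

?>



<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td><table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td>ID</td>
<td>:</td>
<td><?php echo htmlspecialchars($rows['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></td>
</tr>
<tr>
<td width="117">Name</td>
<td width="14">:</td>
<td width="357"><?php echo htmlspecialchars($rows['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></td>
</tr>
<tr>
<td valign="top">Subject</td>
<td valign="top">:</td>
<td><?php echo htmlspecialchars(filter($rows['subject']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></td>
</tr>
<tr>
<td valign="top">Comment</td>
<td valign="top">:</td>
<td><?php echo htmlspecialchars(filter($rows['comment']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></td>
</tr>
<tr>
<td valign="top">Date/Time </td>
<td valign="top">:</td>
<td><?php echo htmlspecialchars($rows['datetime'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></td>
</tr>
</table></td>
</tr>
</table>
<BR>



<?php
}
mysql_close(); //close database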

?>


</body>
</html>

 

 

EDIT updated filter

 

here is the code for the viewguestbook.php

 

<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong>11111 | <a href="guestbook.php">Rate</a> </strong></td>
</tr>
</table>
<br>

<?php

/**
 * Word filter as originally posted: three patterns, each replaced by the
 * matching replacement entry via preg_replace().
 *
 * NOTE(review): the patterns and replacements below are bare words rather than
 * quoted strings, so PHP reads them as undefined constants, and the patterns
 * carry no regex delimiters, which preg_replace() requires. The reply further
 * down the thread points out both problems.
 */
function filter($string)
{
  $pattern[0] = fuck; // unquoted, and no /.../ delimiters
  $pattern[1] = ass;
  $pattern[2] = shit;
  $replacement[0] = beep; // unquoted
  $replacement[1] = beep;
  $replacement[2] = beep;
  return preg_replace($pattern, $replacement, $string);
}



// NOTE(review): localhost, tony, test and clearbook below are bare words, so
// PHP reads them as undefined constants rather than strings; they should be
// quoted string literals.
// NOTE(review): the database credentials are hard-coded in the page itself.
$host=localhost; // Host name 
$username = tony; // Mysql username 
$password = tony; // Mysql password 
$db_name = test; // Database name 
$tbl_name=clearbook; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect server "); 
mysql_select_db("$db_name")or die("cannot select DB");

// Reads every row of the table; the result of mysql_query() is not checked
// before it is handed to mysql_fetch_array().
$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);

// NOTE(review): each field echoed in the table below is printed exactly as it
// came from the row, with no htmlspecialchars(). Guestbook entries are
// presumably visitor-supplied, so markup stored in an entry would be rendered
// as markup; wrap each value in htmlspecialchars($value, ENT_QUOTES, 'UTF-8').
// filter() is defined above but is never called on subject or comment here.
while($rows=mysql_fetch_array($result)){

?>



<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td><table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td>ID</td>
<td>:</td>
<td><?php echo $rows['id']; ?></td>
</tr>
<tr>
<td width="117">Name</td>
<td width="14">:</td>
<td width="357"><?php echo $rows['name']; ?></td>
</tr>
<tr>
<td valign="top">Subject</td>
<td valign="top">:</td>
<td><?php echo $rows['subject']; ?></td>
</tr>
<tr>
<td valign="top">Comment</td>
<td valign="top">:</td>
<td><?php echo $rows['comment']; ?></td>
</tr>
<tr>
<td valign="top">Date/Time </td>
<td valign="top">:</td>
<td><?php echo $rows['datetime']; ?></td>
</tr>
</table></td>
</tr>
</table>
<BR>



<?php
}
mysql_close(); //close database
?>




</body>
</html>

i was right you missed the

 

<td><?php echo filter($rows['subject']); ?></td>

and

<td><?php echo filter($rows['comment']); ?></td>

 

 

also

you missed the quotes, and the patterns MUST have /'s around them (they are the regex delimiters)

 

see below

<?php
/**
 * Replaces each listed word in $string with "beep".
 *
 * The patterns are quoted strings wrapped in / delimiters, as preg_replace()
 * expects. Matching is case-sensitive and also hits a listed word when it
 * appears inside a longer word.
 *
 * @param string $string Text to filter.
 * @return string|null Filtered text, or null if preg_replace() reports an error.
 */
function filter($string)
{
  // pattern => replacement, applied in this order
  $swaps = array(
    "/fuck/" => "beep",
    "/ass/"  => "beep",
    "/shit/" => "beep",
  );

  return preg_replace(array_keys($swaps), array_values($swaps), $string);
}
?>

you got it!!! i think this topic is solved!!! now i'm back to the blocking of my username and password. i understand what you gave me but ........ well i guess i really don't. i just don't see how to incorporate this, because when someone goes to view source they will still see it, right??

nope, anything inside the <?php ?> tags is parsed, which means it is processed by the php engine on the server. unless you put the password outside the <?php ?> tags or print it to the screen (i.e. echo $password), it will not be displayed

 

try this test

nope

 

try this

 

<?php
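// Both values exist only on the server; neither one is echoed.
$user = "ME";
$password = "TEST"; // the assignment operator was missing, which is a parse error

// Only what echo prints is sent to the browser, so "view source" shows
// nothing but this one line of output.
if ($password == "TEST") {
    echo "hello world";
}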

?>

 

create that as a file and view source ;)

 

 

all you will see in the source is

hello world

 

 

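OH unless the php engine fails and treats php files as text, but then again there's little chance of that happening without the whole server going down ;) if you want to be covered for that case too, keep the connection details in a separate file outside the web root and include it from there.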
