
[SOLVED] simple guestbook not so simple


ball420


closes

 

this is untested

 

<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong>11111 | <a href="guestbook.php">Rate</a> </strong></td>
</tr>
</table>
<br>

<?php


function filter($string)
{
  $pattern[0] = "/ass/"; //<--MUST have /'s
  $pattern[1] = "/badword2/";
  $pattern[2] = "/badword3/";
  $replacement[0] = "####";
  $replacement[1] = "####";
  $replacement[2] = "####";
  return preg_replace($pattern, $replacement, $string);
}


$host = "localhost"; // Host name
$username = "tony"; // MySQL username
$password = "billy"; // MySQL password
$db_name = "test"; // Database name
$tbl_name = "clearbook"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect server "); 
mysql_select_db("$db_name")or die("cannot select DB");

$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);

while($rows=mysql_fetch_array($result)){

?>



<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td><table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td>ID</td>
<td>:</td>
<td><?php echo $rows['id']; ?></td>
</tr>
<tr>
<td width="117">Name</td>
<td width="14">:</td>
<td width="357"><?php echo $rows['name']; ?></td>
</tr>
<tr>
<td valign="top">Subject</td>
<td valign="top">:</td>
<td><?php echo filter($rows['subject']); ?></td>
</tr>
<tr>
<td valign="top">Comment</td>
<td valign="top">:</td>
<td><?php echo filter($rows['comment']); ?></td>
</tr>
<tr>
<td valign="top">Date/Time </td>
<td valign="top">:</td>
<td><?php echo $rows['datetime']; ?></td>
</tr>
</table></td>
</tr>
</table>
<BR>



<?php
}
mysql_close(); //close database

?>


</body>
</html>

 

 

EDIT updated filter

Link to comment
Share on other sites

 

here is the code for the viewguestbook.php

 

<table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td><strong>11111 | <a href="guestbook.php">Rate</a> </strong></td>
</tr>
</table>
<br>

<?php

function filter($string)
{
  $pattern[0] = fuck;
  $pattern[1] = ass;
  $pattern[2] = shit;
  $replacement[0] = beep;
  $replacement[1] = beep;
  $replacement[2] = beep;
  return preg_replace($pattern, $replacement, $string);
}



$host=localhost; // Host name 
$username = tony; // Mysql username 
$password = tony; // Mysql password 
$db_name = test; // Database name 
$tbl_name=clearbook; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect server "); 
mysql_select_db("$db_name")or die("cannot select DB");

$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);

while($rows=mysql_fetch_array($result)){

?>



<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td><table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td>ID</td>
<td>:</td>
<td><?php echo $rows['id']; ?></td>
</tr>
<tr>
<td width="117">Name</td>
<td width="14">:</td>
<td width="357"><?php echo $rows['name']; ?></td>
</tr>
<tr>
<td valign="top">Subject</td>
<td valign="top">:</td>
<td><?php echo $rows['subject']; ?></td>
</tr>
<tr>
<td valign="top">Comment</td>
<td valign="top">:</td>
<td><?php echo $rows['comment']; ?></td>
</tr>
<tr>
<td valign="top">Date/Time </td>
<td valign="top">:</td>
<td><?php echo $rows['datetime']; ?></td>
</tr>
</table></td>
</tr>
</table>
<BR>



<?php
}
mysql_close(); //close database
?>




</body>
</html>

Link to comment
Share on other sites

i was right you missed the

 

<td><?php echo filter($rows['subject']); ?></td>

and

<td><?php echo filter($rows['comment']); ?></td>

 

 

also

you missed the quotes and the patterns MUST have /'s

 

see below

<?php
function filter($string)
{
  $pattern[0] = "/fuck/";
  $pattern[1] = "/ass/";
  $pattern[2] = "/shit/";
  $replacement[0] = "beep";
  $replacement[1] = "beep";
  $replacement[2] = "beep";
  return preg_replace($pattern, $replacement, $string);
}
?>

Link to comment
Share on other sites
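
Added example, not part of any post in this thread: the same output path with two changes a guestbook needs, since every field is visitor-supplied. The patterns use word boundaries and ignore case, so "ass" is not replaced inside "class", and each field is HTML-escaped before it is echoed so stored markup is shown as text. The function names, word list and sample row are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Function names, the word list
// and the sample row are constructed for illustration.

/** Replace listed words only where they appear as whole words, ignoring case. */
function filter_words(string $text, array $badWords, string $mask = 'beep'): string
{
    if ($badWords === []) {
        return $text;
    }
    // preg_quote() stops a list entry from being read as regex syntax.
    $quoted = array_map(fn($w) => preg_quote($w, '/'), $badWords);
    // \b limits matches to whole words, so "ass" does not hit "class".
    $pattern = '/\b(?:' . implode('|', $quoted) . ')\b/i';
    // preg_replace() returns null on a regex error; fail closed with ''.
    return preg_replace($pattern, $mask, $text) ?? '';
}

/** Filter, then HTML-escape, so stored markup is displayed as text. */
function render_field(string $value, array $badWords): string
{
    $clean = filter_words($value, $badWords);
    return htmlspecialchars($clean, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed row standing in for one mysql_fetch_array() result.
$badWords = ['ass', 'badword2', 'badword3'];
$row = [
    'name'    => '<script>alert(1)</script>',
    'subject' => 'PHP class question',
    'comment' => 'What an ASS <b>move</b>',
];
foreach ($row as $field => $value) {
    echo $field, ': ', render_field($value, $badWords), "\n";
}
```

In the page template, each `echo $rows['...']` would become `echo render_field($rows['...'], $badWords)`, including the name field that the thread's version leaves unfiltered.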

you got it!!! i think this topic is solved!!! now i'm back to the blocking of my username and password i understand what you gave me but ........ well i guess i really don't. i just don't see how to incorporate this in cause when someone goes to view source they will still see it right??

Link to comment
Share on other sites

nope, anything in the <?php ?> brackets is parsed, this means processed by the php engine, unless you put the password outside the <?php ?> or print it to screen i.e. echo $password it will not be displayed

 

try this test

nope

 

try this

 

<?php
$user = "ME";
$password = "TEST";

if($password == "TEST")
{
echo "hello world";
}

?>

 

create that as a file and view source ;)

 

 

all you will see in the source is

hello world

 

 

OH unless the php engine fails and treats php files as text, but then again there's a little chance of that happening without the whole server going down ;)

Link to comment
Share on other sites
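
Added example, not part of any post in this thread: one way to cover the case mentioned above, where the PHP engine fails and files are served as text, is to keep the credentials in a file outside the web root and have the page load them. The function name, INI keys and demo paths are assumptions; the demo builds a temporary directory tree so it runs offline.

```php
<?php
// Added example, not code from the thread. The function name, INI keys and
// demo paths are assumptions.

/** Load DB settings from an INI file that must sit outside the web root. */
function load_db_config(string $configPath, string $docRoot): array
{
    $real = realpath($configPath);
    $root = realpath($docRoot);
    if ($real === false || $root === false || !is_readable($real)) {
        throw new RuntimeException('config file or web root not found');
    }
    // A file under the document root can be requested by URL, so refuse it.
    if (strpos($real, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('config file is inside the web root');
    }
    $cfg = parse_ini_file($real);
    if ($cfg === false) {
        throw new RuntimeException('config file is not valid INI');
    }
    foreach (['host', 'username', 'password', 'db_name'] as $key) {
        if (!isset($cfg[$key])) {
            throw new RuntimeException("missing config key: $key");
        }
    }
    return $cfg;
}

// Constructed demo: a temporary web root with a private directory beside it.
$base = sys_get_temp_dir() . '/guestbook_demo_' . getmypid();
mkdir("$base/public_html", 0700, true);
mkdir("$base/private", 0700, true);
$ini = "host = localhost\nusername = demo_user\npassword = \"demo-pass\"\ndb_name = test\n";
file_put_contents("$base/private/db.ini", $ini);
file_put_contents("$base/public_html/db.ini", $ini);

$cfg = load_db_config("$base/private/db.ini", "$base/public_html");
echo "loaded settings for database {$cfg['db_name']}\n";
try {
    load_db_config("$base/public_html/db.ini", "$base/public_html");
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

In the guestbook page the second argument would be `$_SERVER['DOCUMENT_ROOT']`, and the returned values would replace the hard-coded `$host`, `$username`, `$password` and `$db_name` assignments.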
