quickstopman Posted May 15, 2007 Share Posted May 15, 2007 ok i have a minor problem. when my user updates his or her profile when they try to insert HTML into it it doesn't work for instance.. when you want to put <font color="red"> you get <font color=/"red/"> which doesn't work does anyone know how to fix that? Link to comment https://forums.phpfreaks.com/topic/51545-solved-edit-profile-help/ Share on other sites More sharing options...
Wildbug Posted May 15, 2007 Share Posted May 15, 2007 if (get_magic_quotes_gpc()) $value = stripslashes($value); // ...or, at the beginning of your script: if (isset($_POST) and get_magic_quotes_gpc()) array_walk_recursive($_POST,create_function('&$value',"\$value = stripslashes(\$value);")); Link to comment https://forums.phpfreaks.com/topic/51545-solved-edit-profile-help/#findComment-253836 Share on other sites More sharing options...
quickstopman Posted May 15, 2007 Author Share Posted May 15, 2007 so i would put the second one at the top of the script ??? Link to comment https://forums.phpfreaks.com/topic/51545-solved-edit-profile-help/#findComment-253841 Share on other sites More sharing options...
quickstopman Posted May 15, 2007 Author Share Posted May 15, 2007 here is to code <?php ob_start(); session_start(); //include config.php file include('config.php'); include_once 'header.php'; ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <style> .words { background-color:#16333B; color:#A9D033; } </style> <?php $p = $_GET['p']; //see my ?id= browsing tutorial if(!isset($_SESSION['username'])){ ?> <form action='login.php' method='POST'> You Must Be logged in to View this page!<br> Login here:<br> Username: <input type='text' name='username' class='words'><br> Password: <input type='password' name='password' class='words'><br> <input name='login' type='submit' value='Submit' class='words'><br> Not <a href="../register.php">registered</a>? </form> <?php exit(); } else{ if($_POST['update']){ // Get Posted Variables... $fullname = mysql_real_escape_string($_POST['fullname']); $aboutme = mysql_real_escape_string($_POST['aboutme']); $email = mysql_real_escape_string($_POST['email']); $likes = mysql_real_escape_string($_POST['likes']); $hates = mysql_real_escape_string($_POST['hates']); $id = $_SESSION['id']; // Get Sandy's record from the "example" table $result = mysql_query("UPDATE users SET `aboutme` = '$aboutme', `email` = '$email', `fullname` = '$fullname', `likes` = '$likes', `hates` = '$hates' WHERE id = '$id'") or die(mysql_error()); header("Refresh:2"); echo "<B>Profile Updated</B><br><br>"; } else { $sql = mysql_query("SELECT * FROM users WHERE id = '{$id}'") or die(mysql_error()); $r=mysql_fetch_array($sql); ?> <form name="update" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST"> <table cellpadding="2" cellspacing="1" width="400"> <tr> <td wdith="35%">Username:</td> <td><?php echo $r['username']; ?></td> </tr> <tr> <td wdith="35%">Id:</td> <td><?php echo $r['id']; ?></td> </tr> <tr> <td>Full Name:</td> <td><input type="text" name="fullname" value="<?php echo $r['fullname']; ?>" /></td> </tr> <tr> <td>Email Address:</td> <td><input type="text" name="email" value="<?php echo $r['email']; ?>" /></td> </tr> <tr> <td>About Me:</td> <td><textarea cols="50" rows="5" input type="text/html" name="aboutme" value="" /><? echo $r['aboutme']; ?></textarea></td> </tr> <td>Likes:</td> <td><textarea cols="50" rows="5" name="likes"><? echo $r['likes']; ?></textarea></td> </tr> <td>Hates:</td> <td><textarea cols="50" rows="5" name="hates"><? echo $r['hates']; ?></textarea></td> </tr> <tr> <td colspan="2"><input type="submit" name="update" value="Update Profile" ></td> </tr> </table> </form> <? } } ?> so where would i put that code exactly? Link to comment https://forums.phpfreaks.com/topic/51545-solved-edit-profile-help/#findComment-253846 Share on other sites More sharing options...
lewis987 Posted May 15, 2007 Share Posted May 15, 2007 you can use either, try this code then <?php if (isset($_POST) and get_magic_quotes_gpc()) array_walk_recursive($_POST,create_function('&$value',"\$value = stripslashes(\$value);")); ob_start(); session_start(); //include config.php file include('config.php'); include_once 'header.php'; ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <style> .words { background-color:#16333B; color:#A9D033; } </style> <?php $p = $_GET['p']; //see my ?id= browsing tutorial if(!isset($_SESSION['username'])){ ?> <form action='login.php' method='POST'> You Must Be logged in to View this page!<br> Login here:<br> Username: <input type='text' name='username' class='words'><br> Password: <input type='password' name='password' class='words'><br> <input name='login' type='submit' value='Submit' class='words'><br> Not <a href="../register.php">registered</a>? </form> <?php exit(); } else{ if($_POST['update']){ // Get Posted Variables... $fullname = mysql_real_escape_string($_POST['fullname']); $aboutme = mysql_real_escape_string($_POST['aboutme']); $email = mysql_real_escape_string($_POST['email']); $likes = mysql_real_escape_string($_POST['likes']); $hates = mysql_real_escape_string($_POST['hates']); $id = $_SESSION['id']; // Get Sandy's record from the "example" table $result = mysql_query("UPDATE users SET `aboutme` = '$aboutme', `email` = '$email', `fullname` = '$fullname', `likes` = '$likes', `hates` = '$hates' WHERE id = '$id'") or die(mysql_error()); header("Refresh:2"); echo "<B>Profile Updated</B><br><br>"; } else { $sql = mysql_query("SELECT * FROM users WHERE id = '{$id}'") or die(mysql_error()); $are=mysql_fetch_array($sql); ?> <form name="update" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST"> <table cellpadding="2" cellspacing="1" width="400"> <tr> <td wdith="35%">Username:</td> <td><?php echo $are['username']; ?></td> </tr> <tr> <td wdith="35%">Id:</td> <td><?php echo $are['id']; ?></td> </tr> <tr> <td>Full Name:</td> <td><input type="text" name="fullname" value="<?php echo $are['fullname']; ?>" /></td> </tr> <tr> <td>Email Address:</td> <td><input type="text" name="email" value="<?php echo $are['email']; ?>" /></td> </tr> <tr> <td>About Me:</td> <td><textarea cols="50" rows="5" input type="text/html" name="aboutme" value="" /><? echo $are['aboutme']; ?></textarea></td> </tr> <td>Likes:</td> <td><textarea cols="50" rows="5" name="likes"><? echo $are['likes']; ?></textarea></td> </tr> <td>Hates:</td> <td><textarea cols="50" rows="5" name="hates"><? echo $are['hates']; ?></textarea></td> </tr> <tr> <td colspan="2"><input type="submit" name="update" value="Update Profile" ></td> </tr> </table> </form> <? } } ?> Link to comment https://forums.phpfreaks.com/topic/51545-solved-edit-profile-help/#findComment-253847 Share on other sites More sharing options...
quickstopman Posted May 15, 2007 Author Share Posted May 15, 2007 now i get this error Fatal error: Call to undefined function: array_walk_recursive() in /home/pokebash/public_html/getmetola/editprofile.php on line 2 Link to comment https://forums.phpfreaks.com/topic/51545-solved-edit-profile-help/#findComment-253848 Share on other sites More sharing options...
Wildbug Posted May 15, 2007 Share Posted May 15, 2007 array_walk_recursive() is only PHP 5+. Do you have an older version? There are user-written alternatives around for that functionality. Otherwise, just use the single case on the variable that's giving you trouble. if (get_magic_quotes_gpc()) $value = stripslashes($value); Link to comment https://forums.phpfreaks.com/topic/51545-solved-edit-profile-help/#findComment-253854 Share on other sites More sharing options...
quickstopman Posted May 15, 2007 Author Share Posted May 15, 2007 still for some reason the /'s still appear... do you think i should change the type of the row in the database Link to comment https://forums.phpfreaks.com/topic/51545-solved-edit-profile-help/#findComment-253862 Share on other sites More sharing options...
quickstopman Posted May 15, 2007 Author Share Posted May 15, 2007 ok i got it too work another way thanks tho! Link to comment https://forums.phpfreaks.com/topic/51545-solved-edit-profile-help/#findComment-253870 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.