quickstopman Posted May 16, 2007 Share Posted May 16, 2007 im trying to make it so in my users edit profile page the user can't put PHP, or Javascript in it. i have a basic knowledge of what to do here is what i think would work if($aboutme) { $aboutme = str_replace('<?', '...', $aboutme); $aboutme = str_replace('?>', '...', $aboutme); } but thats probly wrong. thanks! Link to comment https://forums.phpfreaks.com/topic/51595-solved-str_replace-help/ Share on other sites More sharing options...
quickstopman Posted May 16, 2007 Author Share Posted May 16, 2007 ok on second thought i now what i did wrong sorry guys Link to comment https://forums.phpfreaks.com/topic/51595-solved-str_replace-help/#findComment-254132 Share on other sites More sharing options...
warewolfe Posted May 16, 2007 Share Posted May 16, 2007 Hi, Just in case you come back to check this thread. $some_string = htmlentities($some_string,ENT_QUOTES); would be more secure than a string_replace. Link to comment https://forums.phpfreaks.com/topic/51595-solved-str_replace-help/#findComment-254152 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.