quickstopman Posted May 16, 2007 Share Posted May 16, 2007 im trying to make it so in my users edit profile page the user can't put PHP, or Javascript in it. i have a basic knowledge of what to do here is what i think would work if($aboutme) { $aboutme = str_replace('<?', '...', $aboutme); $aboutme = str_replace('?>', '...', $aboutme); } but thats probly wrong. thanks! Quote Link to comment https://forums.phpfreaks.com/topic/51595-solved-str_replace-help/ Share on other sites More sharing options...
quickstopman Posted May 16, 2007 Author Share Posted May 16, 2007 ok on second thought i now what i did wrong sorry guys Quote Link to comment https://forums.phpfreaks.com/topic/51595-solved-str_replace-help/#findComment-254132 Share on other sites More sharing options...
warewolfe Posted May 16, 2007 Share Posted May 16, 2007 Hi, Just in case you come back to check this thread. $some_string = htmlentities($some_string,ENT_QUOTES); would be more secure than a string_replace. Quote Link to comment https://forums.phpfreaks.com/topic/51595-solved-str_replace-help/#findComment-254152 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.