[SOLVED] Messing up PHP

[Ell20]

Hi,

 

I have a messaging system where players can message each other in the game.

However if a player sends a message which contains --> there inbox dosent display correctly.

 

The code which sends the message to the database is:

 

$mailtext = addslashes(strip_tags($_POST['chat']));

 

Has anyone got any idea what I can do to stop this happening?

 

I have tried: - $mailtext = stripslashes(strip_tags($_POST['chat']));

                - $mailtext = stripslashes(trim($_POST['chat']))

 

But none of these combinations solved the problem.

 

Thanks for any help

 

Elliot

[Guest]

Try using htmlentities($_POST['chat'], ENT_QUOTES) for when it's displayed on a page, and use mysql_real_escape_string() when you are putting it into the db.

 

Addslashes lull developers into a false sense of security in this respect.

[kenrbnsn]

If you're sending the inputted text to a browser, you want to use the function htmentities() with the ENT_QUOTES option, not addslashes.

 

Ken

[Ell20]

So something like this:

 

$mailtext = htmentities(ENT_QUOTES($_POST['chat']));

 

Thanks

[Guest]

So something like this:

 

$mailtext = htmentities(ENT_QUOTES($_POST['chat']));

 

Thanks

 

ENT_QUOTES isn't a function, its a constant. It's meant to be used as such:

 

$text = htmlentities($_POST['chat'], ENT_QUOTES);

 

Also, to clarify, it's htmlentities, not htmentities (the L is crucial)

[Ell20]

thanks very much for your help, solved!