Galahad Posted March 11, 2011

Is there any way I could disable someone putting in HTML in a form that changes their name, location etc.? If they put <meta http-equiv="REFRESH" content="0;url=http://blah.com"> in the form, it will make users redirect to a different page when they visit the player's profile.

Maniak Posted March 11, 2011

strip_tags(); htmlentities(); htmlspecialchars(); str_replace();

Galahad Posted March 11, 2011

> strip_tags(); htmlentities(); htmlspecialchars(); str_replace();

Thanks but where do I place this?

Maniak Posted March 11, 2011

In your preferences:

    $name = mysql_real_escape_string(strip_tags($_POST['name']));

OR

    $name = mysql_real_escape_string(htmlentities($_POST['name']));

OR

    $name = mysql_real_escape_string(htmlspecialchars($_POST['name']));

OR

    $name = str_replace(array("<", ">"), array("",""), $_POST['name']);
    $name = mysql_real_escape_string($name);

I don't tend to use str_replace so I may have given a bad example!

Galahad Posted March 11, 2011

> In your preferences:
>
>     $name = mysql_real_escape_string(strip_tags($_POST['name']));
>
> OR
>
>     $name = mysql_real_escape_string(htmlentities($_POST['name']));
>
> OR
>
>     $name = mysql_real_escape_string(htmlspecialchars($_POST['name']));
>
> OR
>
>     $name = str_replace(array("<", ">"), array("",""), $_POST['name']);
>     $name = mysql_real_escape_string($name);
>
> I don't tend to use str_replace so I may have given a bad example!

Strange, I put that in and it didn't seem to work. It just gives out a blank screen.

Maniak Posted March 11, 2011

I don't mean all of them; just 1 of them. PM me the file and I'll do it for you :)

Galahad Posted March 11, 2011

> I don't mean all of them; just 1 of them. PM me the file and I'll do it for you :)

Yup I know, I tried putting in

    $name = mysql_real_escape_string(htmlspecialchars($_POST['name']));

but no luck. The file is - http://pastebin.com/29hUGUn6 :)

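As an added example (not code from the thread or from the game's own source), the PHP below runs the four functions named in the thread over the <meta> payload from the first post, and shows the pattern of storing the raw value with a bound parameter and HTML-encoding it when the profile is rendered. The `users` table, the `h()` helper and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example; the table, helper name and database are hypothetical.

// Constructed input: the payload quoted in the first post.
$input = '<meta http-equiv="REFRESH" content="0;url=http://blah.com">';

// Encode a value for HTML text or a quoted attribute, at output time.
// ENT_QUOTES also encodes single quotes, which was not the default
// before PHP 8.1. The charset is stated explicitly.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Store the raw value using a bound parameter. This stands in for
// mysql_real_escape_string() (the mysql_* extension was removed in PHP 7.0)
// and keeps SQL handling separate from HTML encoding.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$stmt = $db->prepare('INSERT INTO users (name) VALUES (:name)');
$stmt->execute([':name' => $input]);

$name = $db->query('SELECT name FROM users WHERE id = 1')->fetchColumn();

// The four options from the thread, applied to the same stored value.
$results = [
    'strip_tags'       => strip_tags($name),                 // removes markup
    'htmlspecialchars' => h($name),                          // encodes & < > " '
    'htmlentities'     => htmlentities($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
    'str_replace'      => str_replace(['<', '>'], '', $name), // drops brackets only
];

foreach ($results as $fn => $out) {
    printf("%-17s %s\n", $fn, var_export($out, true));
}

// Profile page: the browser shows the text instead of parsing a tag.
echo '<p>Name: ' . h($name) . "</p>\n";
```

Encoding at output means every page that prints the name must call `h()`, including values that were stored before any input filter was added.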