Is this secure enough?

Samurai Legend

I have been using this for a while now to display the emojis when users send messages or comments etc.


$msg =
                    str_replace("\n", "<br />",
    if (strlen($msg) > 256) {
        ?>Sorry the comment is too large.<?php

    $codes = array(":::", ":--:", ":cool:", ":cry:", ":):", ":S:", ":horny:", ":-):", ":face:", ":O:", ":freeze:", ":s:", ":]:", ":|:", ":chill:", ":w/:", ":x:", ":red:", ":mwah:", ":roll:", ":p:", ":D:", ":/:", ":(:", ":q:", ":~#:", ":~~:", ":o.:", ":$:", ":@:", ":}:", ":P:", ":^:", ":;:", ":y:", ":n:");
    $images = array("<img src=/Game/images/emotions/alien.gif>",
                "<img src=/images/emotions/brainwash.gif>",
                "<img src=/images/emotions/cool.gif>",
                "<img src=/images/emotions/cry.gif>",
                "<img src=/images/emotions/delight.gif>",
                "<img src=/images/emotions/eek.gif>",
                "<img src=/images/emotions/evil.gif>",
                "<img src=/images/emotions/haha.gif>",
                "<img src=/images/emotions/facepalm.gif>",
                "<img src=/images/emotions/fat.gif>",
                "<img src=/images/emotions/freeze.gif>",
                "<img src=/images/emotions/fury.gif>",
                "<img src=/images/emotions/heh.gif>",
                "<img src=/images/emotions/hmm.gif>",
                "<img src=/images/emotions/ice.gif>",
                "<img src=/images/emotions/jawdrop.gif>",
                "<img src=/images/emotions/kiss.gif>",
                "<img src=/images/emotions/mad.gif>",
                "<img src=/images/emotions/mwah.gif>",
                "<img src=/images/emotions/nut.gif>",
                "<img src=/images/emotions/rasberry.gif>",
                "<img src=/images/emotions/razz.gif>",
                "<img src=/images/emotions/rolleyes.gif>",
                "<img src=/images/emotions/sad.gif>",
                "<img src=/images/emotions/scared.gif>",
                "<img src=/images/emotions/scream.gif>",
                "<img src=/images/emotions/shifty.gif>",
                "<img src=/images/emotions/shock.gif>",
                "<img src=/images/emotions/shy.gif>",
                "<img src=/images/emotions/sick.gif>",
                "<img src=/images/emotions/smile.gif>",
                "<img src=/images/emotions/tongue.gif>",
                "<img src=/images/emotions/weh.gif>",
                "<img src=/images/emotions/wink.gif>",
                "<img src=/images/emotions/yes.gif>",
                "<img src=/images/emotions/no.gif>");
    $newmsg = str_replace($codes, $images, $msg);


I feel as if this is outdated and has security flaws. Can someone help me rewrite this or put me on the track to get this up to date?


Assume the facts:

  • Most players will play from mobile. The percentage will probably be 80% or more.
  • Some of the remaining 20% or so will be playing from an Apple computer of some sort.
  • I don't use a Windows system, so can't comment.

That means most of your users have emojis built into their phones/computers that they are far more familiar with using.

Save the headaches - change the database field to a utf8mb4 (Enable multibyte (mb) support) type and let them use what they have.

Most people won't use any custom ones as much as the others because the subset we use is programmed into how we speak already - much like our spoken languages are.

3 hours ago, Samurai Legend said:

So, I just change the whole database type or is it the table type or something? And I am assuming they just add the emoji from the phone itself and it will just show on the messages so no additional coding is required? And for Android users I am guessing it is the same?

You just change the collation of the field.

See screens.

Click change.

Then select "utf8mb4_general_ci" in that screen.

Then click save.

Also, on another note, I personally use this to handle emoji: https://github.com/joypixels/emoji-toolkit

It has multiple libraries, including PHP, so you can convert Unicode emoji to images or even shortcodes etc., which makes life a lot easier.

Edited by URBANZ
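
A hardened form of the shortcode replacement from the first post, as an added example that is not code from any poster in this thread. It assumes the raw comment arrives as a UTF-8 string and that the mbstring extension is loaded; the function name `render_comment` and the five-entry map are hypothetical, with codes and file names taken from the poster's lists.

```php
<?php
declare(strict_types=1);

// Hypothetical subset of the poster's shortcode list (codes and file names from the post).
const EMOTES = [
    ':cool:' => 'cool.gif',
    ':cry:'  => 'cry.gif',
    ':mwah:' => 'mwah.gif',
    ':y:'    => 'yes.gif',
    ':n:'    => 'no.gif',
];

// Hypothetical helper: returns display-ready HTML, or null if the comment is rejected.
function render_comment(string $raw, int $maxChars = 256): ?string
{
    // Check the limit on the user's own text, counted in characters, before any
    // markup is added; invalid UTF-8 is rejected outright.
    if (!mb_check_encoding($raw, 'UTF-8') || mb_strlen($raw, 'UTF-8') > $maxChars) {
        return null;
    }

    // Escape first, so the only tags in the output are the ones inserted below.
    // Native emoji are ordinary UTF-8 characters and pass through unchanged.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $map = [];
    foreach (EMOTES as $code => $file) {
        // None of these codes contain & < > " ' so they survive escaping intact
        // and are safe to reuse as alt text inside a quoted attribute.
        $map[$code] = '<img src="/images/emotions/' . $file . '" alt="' . $code . '">';
    }

    // strtr() replaces in one pass and never rescans text it has inserted, so a
    // shortcode inside an alt attribute cannot be replaced a second time.
    $safe = strtr($safe, $map);

    // Newlines become <br /> last, after escaping.
    return nl2br($safe);
}

// Constructed sample input: a tag, a shortcode, a native emoji and a newline.
$sample = "<script>alert(1)</script> :cool: 😀\nbye :y:";
echo render_comment($sample) ?? 'Sorry the comment is too large.', PHP_EOL;
```

Store the raw comment and call the helper at display time; the native emoji in the sample only survives storage if the column uses utf8mb4, as the replies above describe.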