m8t Posted August 5, 2009 Report Share Posted August 5, 2009 (edited) tātad, es veidoju forumu. Pašlaik rakstu veidošana, kā arī komentāru pievienošana strādā, bet tik tiko saskāros ar problēmu - jebkurš lietotājs var postot html kodus savā tekstā. Vai ir kāds veids, kā atbrīvoties no html kodiem? pašreizējais teksta apstrādes kods izskatās šādi: $action = $_GET['action']; if($action == 'create') { if(trim($_SESSION['username']) != "") { //parbaudam vai lietotajs ir ielogojies if($a_5 == 1) { //atlaujam/neatlaujam lietotajam postot foruma $query = "SELECT * FROM {$tblprefix}users WHERE username='{$_SESSION['username']}'"; $run = mysql_query($query); while($row = mysql_fetch_array($run)) { $uid = $row['id']; // iegustam lietotaja id } $topic = $_POST['topic']; $text = $_POST['txt']; $topic = stripslashes($topic); $text = stripslashes($text); $topic = mysql_real_escape_string($topic); $text = mysql_real_escape_string($text); if(trim($topic)!="" && trim($text)!="") { mysql_query("INSERT INTO {$tblprefix}forums SET text='{$text}', topic='{$topic}', made_by='{$uid}'"); if(mysql_affected_rows() > 0) { echo $g1; ?> <meta HTTP-EQUIV="REFRESH" content="3; url=index.php"> <? } else { echo $g2; ?> <meta HTTP-EQUIV="REFRESH" content="6; url=index.php"> <? } } else { echo $g3; } } else { echo $g5; } } else { echo $g6; } Edited August 5, 2009 by m8t Quote Link to comment Share on other sites More sharing options...
rausis Posted August 5, 2009 Report Share Posted August 5, 2009 pie izvades: htmlspecialchars Quote Link to comment Share on other sites More sharing options...
m8t Posted August 5, 2009 Author Report Share Posted August 5, 2009 Lielum lielais paldies! :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.