Page 1 of 1

Need Help with signature code

Posted: Thu Jun 25, 2009 2:18 pm
by cdoyle
Hi,

I thought I had this right, but I don't think I do.

I'm using ADODB for our game, and I created a page where users can load a signature to display on their profile.
So here is how we insert the sig into the db

Code: Select all

$addsig = $db->execute("UPDATE `players` SET `signature`=? WHERE `id`=?", array($sig, $player->id));
and this is how I display it on the page

Code: Select all

 echo stripslashes(htmlentities($profile['signature'], ENT_QUOTES ));
I thought this would remove the harmful stuff people could put in their sigs, but today I noticed someone put a URL in their sig and the slashers were still there.

What is the proper way to get input from users and to display it.

Thanks

Re: Need Help with signature code

Posted: Sat Jun 27, 2009 4:10 pm
by Darhazer
stripslashes actually strips backslashes (\)
So what is your goal, you don't want URL's to be displayed in the signature?