Stripping tags!!!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Joe
Forum Regular
Posts: 939
Joined: Sun Feb 29, 2004 1:26 pm
Location: UK - Glasgow

Stripping tags!!!

Post by Joe »

I have been trying to remove all html/script tags to prevent it from showing on the main news area. This is because my site was attacked and script was injected through the news area redirecting to another site. I have tried:

<?php
$link = mysql_connect("???", "???", "???");
mysql_select_db("???") or die("couldnt connect" . mysql_error());
$sql = "SELECT * FROM news ORDER BY ID";
$result = mysql_query($sql) or die(mysql_error());

while (true)
{
$row = mysql_fetch_assoc($result);
if ($row == false) break;
echo "<img src='news.gif' border=1>";
$headline = $row['headline'];
$username = $row['username'];
$mainnews = $row['mainnews'];

$headline1 = striptags($headline);
$username1 = striptags($username);
$mainnews1 = striptags($mainnews);

echo "<br><u><b>.:'$headline1':.<U></b> posted by '$username' <br>";
echo "'$mainnews'<br>";
echo "<hr color='white'>";
}
?>

Please help!

Regards


Joe 8)
TheBentinel.com
Forum Contributor
Posts: 282
Joined: Wed Mar 10, 2004 1:52 pm
Location: Columbus, Ohio

Re: Stripping tags!!!

Post by TheBentinel.com »

Code: Select all

$headline = $row['headline'];
  $username = $row['username'];
  $mainnews = $row['mainnews'];

  $headline1 = striptags($headline);
  $username1 = striptags($username);
  $mainnews1 = striptags($mainnews);

  echo "<br><u><b>.:'$headline1':.<U></b> posted by '$username' <br>"; 
  echo "'$mainnews'<br>"; 
  echo "<hr color='white'>";
Should your echo statements be using the $username1 and $mainnews1 variables? They are using the variables in their unstripped state.
Illusionist
Forum Regular
Posts: 903
Joined: Mon Jan 12, 2004 9:32 pm

Post by Illusionist »

i think your best bet owuld be to striptags() before you even insert intot he database.... And what was your actual question??

EDIT:: nice catch Bentinel!!
User avatar
Joe
Forum Regular
Posts: 939
Joined: Sun Feb 29, 2004 1:26 pm
Location: UK - Glasgow

Post by Joe »

Oh ya i forgot. How stupid of me. The problem is that when i try the code out i get a mySQL error. So what should i do with the script.
TheBentinel.com
Forum Contributor
Posts: 282
Joined: Wed Mar 10, 2004 1:52 pm
Location: Columbus, Ohio

Post by TheBentinel.com »

Joe wrote:Oh ya i forgot. How stupid of me. The problem is that when i try the code out i get a mySQL error. So what should i do with the script.
What error do you get?

Often I find that if I take the most unique chunk of text from an error message and search on it in Google and/or google groups, I find some poor fool that's already faced and fixed my problem. Give that a go, too, nobody gets back to you faster than a web search!

[Thanks, Illusionist!]
User avatar
Joe
Forum Regular
Posts: 939
Joined: Sun Feb 29, 2004 1:26 pm
Location: UK - Glasgow

Post by Joe »

I tried googling with no luck. The error is:

Fatal error: Call to undefined function: striptags() in /home/.sites/27/site244/web/index.php on line 228

Can anyone make anything from it?

Regards


Joe 8)
TheBentinel.com
Forum Contributor
Posts: 282
Joined: Wed Mar 10, 2004 1:52 pm
Location: Columbus, Ohio

Post by TheBentinel.com »

Joe wrote:Fatal error: Call to undefined function: striptags() in /home/.sites/27/site244/web/index.php on line 228
Sorry, I shoulda caught that earlier. The function is called "strip_tags"
http://us3.php.net/manual/en/function.strip-tags.php

It's worthy of note, though, that if you're getting an error message, you need to post the entire text of that message in the forum. I could've looked at "striptags()" for the rest of my life and not caught on that it was bad, but looking at the error, it's obvious.
Post Reply