strip_tags() help

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
moboman10
Forum Newbie
Posts: 1
Joined: Thu Jul 12, 2007 5:33 pm

strip_tags() help

Post by moboman10 »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hello all, nice to meet you! 

I've tried putting this in my strings but it's not working. Can anyone show me where i would put it?

The code is for a simple blog that uses a form to send data to the database. Blogform.php then reads from the database.

blogform.php

Code: Select all

<?php
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);

//Isnt working
$name = strip_tags($name);
$title = strip_tags($title);
$entry = strip_tags($entry);
//Isnt working


if ($dbc = @mysql_connect ('localhost', 'XXXXXX', 'XXXXXXX)) {

if (!@mysql_select_db ('XXXXXX'))
{
	die ('<p>clould not select database because: <b>' . mysql_error() . '</b></p>');
}

} else {

	die ('<p>clould not connect to mysql because: <b>' . mysql_error() . '</b></p>');
}

// define query
$query = 'SELECT * FROM XXXXentries ORDER BY XXXXXid DESC LIMIT 10';

if ($r = mysql_query ($query)) {

while ($row = mysql_fetch_array ($r)) { print "<p><b>{$row['title']}</b> by {$row['name']}<br />
<br />
{$row['entry']}<br />
<br />
<small>Entry No. {$row['xxxxxid']}</small>
<div class='dottedline'></div>
</p>\n";
}

} else {

	die ('<p>could not retrive data because: <b>' . mysql_error() . "</b>. the query was $query.</p>");
}
mysql_close();
?>
databaseadd.php

Code: Select all

<?php
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);
//doesnt work, where should it go?
$name = strip_tags($name);
$title = strip_tags($title);
$entry = strip_tags($entry);
$xxxxx = strip_tags($XXXXXid);
$row = strip_tags($row);
$query = strip_tags($query);
//doesnt work, where should it go?

if (isset ($_POST['submit'])) {

if ($dbc = @mysql_connect ('localhost', 'XXXXXXX', 'XXXXXXXX')) {

if (!@mysql_select_db ('XXXXXX'))
{
	die ('<p>clould not select database because: <b>' . mysql_error() . '</b></p>');
}

} else {

	die ('<p>clould not connect to mysql because: <b>' . mysql_error() . '</b></p>');
}

$query = "INSERT INTO XXXXXXentries (XXXXXXid, name, title, entry)
	VALUES (0, '{$_POST['name']}', '{$_POST['title']}', '{$_POST['entry']}')";

$name = $_POST['name'];

if (@mysql_query ($query)) {
	print "<p>Your blog entry has been added successfully, $name.<br /><strong>Click <a href='XXXX'>here</a> to go back</strong></p>";

} else {
	print "<p>clould not add entry because: <b>" . mysql_error() . "</b>. The query was $query. <a href='XXXXX'>Click Here to go back!</a></p>";
}
	mysql_close();

}

?>
Where should i add the strip_tags() function? I am new to php if you haven't guessed!


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

You have a syntax error in your first code block. There is no quote around the last mysql_connect parameter.

And I think you want mysql_real_escape_string(), not strip_tags. Or am I wrong?
Post Reply