strip_tags() help
Posted: Thu Jul 12, 2007 5:46 pm
feyd | Please use
databaseadd.php
Where should i add the strip_tags() function? I am new to php if you haven't guessed!
feyd | Please use
Code: Select all
,Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Hello all, nice to meet you!
I've tried putting this in my strings but it's not working. Can anyone show me where i would put it?
The code is for a simple blog that uses a form to send data to the database. Blogform.php then reads from the database.
blogform.phpCode: Select all
<?php
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);
//Isnt working
$name = strip_tags($name);
$title = strip_tags($title);
$entry = strip_tags($entry);
//Isnt working
if ($dbc = @mysql_connect ('localhost', 'XXXXXX', 'XXXXXXX)) {
if (!@mysql_select_db ('XXXXXX'))
{
die ('<p>clould not select database because: <b>' . mysql_error() . '</b></p>');
}
} else {
die ('<p>clould not connect to mysql because: <b>' . mysql_error() . '</b></p>');
}
// define query
$query = 'SELECT * FROM XXXXentries ORDER BY XXXXXid DESC LIMIT 10';
if ($r = mysql_query ($query)) {
while ($row = mysql_fetch_array ($r)) { print "<p><b>{$row['title']}</b> by {$row['name']}<br />
<br />
{$row['entry']}<br />
<br />
<small>Entry No. {$row['xxxxxid']}</small>
<div class='dottedline'></div>
</p>\n";
}
} else {
die ('<p>could not retrive data because: <b>' . mysql_error() . "</b>. the query was $query.</p>");
}
mysql_close();
?>Code: Select all
<?php
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);
//doesnt work, where should it go?
$name = strip_tags($name);
$title = strip_tags($title);
$entry = strip_tags($entry);
$xxxxx = strip_tags($XXXXXid);
$row = strip_tags($row);
$query = strip_tags($query);
//doesnt work, where should it go?
if (isset ($_POST['submit'])) {
if ($dbc = @mysql_connect ('localhost', 'XXXXXXX', 'XXXXXXXX')) {
if (!@mysql_select_db ('XXXXXX'))
{
die ('<p>clould not select database because: <b>' . mysql_error() . '</b></p>');
}
} else {
die ('<p>clould not connect to mysql because: <b>' . mysql_error() . '</b></p>');
}
$query = "INSERT INTO XXXXXXentries (XXXXXXid, name, title, entry)
VALUES (0, '{$_POST['name']}', '{$_POST['title']}', '{$_POST['entry']}')";
$name = $_POST['name'];
if (@mysql_query ($query)) {
print "<p>Your blog entry has been added successfully, $name.<br /><strong>Click <a href='XXXX'>here</a> to go back</strong></p>";
} else {
print "<p>clould not add entry because: <b>" . mysql_error() . "</b>. The query was $query. <a href='XXXXX'>Click Here to go back!</a></p>";
}
mysql_close();
}
?>feyd | Please use
Code: Select all
,Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]