The script looks like this:
Code: Select all
$postbody = $_POST['postbody'] ; // I get the message body and NOT process it while writing to database, except checking if it doesn't exceed the allowed size.
// the writing part
$prep = $sql->prepare("INSERT INTO `a_forum_posts` (`created`, `account_id`, `forum_id`, `character`, `parent`, `title`, `body`, `class`)
VALUES (:created, :acc_id, :fid, :character, :title, :postbody, :class)", array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY)) ;
$prep->execute(array(':created' => time(),
':acc_id' => $account_logged->getId(),
':fid' => $fid,
':character' => $poster_info['pname'],
[b]':postbody' => $postbody,[/b]
':class' => $poster_info['level'] .' '. myGetVoc($poster_info['voc'], $poster_info['promo']))) ;
Code: Select all
function decodePost($str) {
$search = array('[b]', '[/b]') ; // a lot more of bb code conversion...
$replace = array('<b>', '</b>') ;
return str_ireplace($search, $replace, nl2br(strip_tags($str))) ;
}