[webdevised]

i need help editing this code so that it will strip some html and javascript codes.

Process code

PHP Code:

<?

$reload = false; // ini var

if (me('id') == $_GET["id"]){

    echo "<br><br><br><center><span class=\"topic-gray\">##pages.comments.send:error1##</span></center>";

    $reload = true;

    reload("3", "?L=users.profile&id={$_GET["id"]}");

}

elseif (me('id') == '') {

    echo "<br><br><br><center><span class=\"topic-gray\">##pages.comments.send:error2##</span></center>";

    $reload = true;

    reload("3", "?L=users.profile&id={$_GET["id"]}");

}

else{



    if (isset($_POST["submit"])) {



        $msg = $_POST["message"];

        $strippedmsg = substr($msg, 0,300);

            mysql_query("INSERT INTO `match_comments` (`from`,`to`,`comment`,`date`) VALUES

                ('".me('id')."','{$_GET["id"]}','{$strippedmsg}','".date("U")."')") or die(mysql_error());

            echo "<br><br><br><center><span class=\"topic-gray\">##pages.comments.send:comment##</span> <span class=\"topic-green\">##pages.comments.send:sent##</span></center>";



    $user = mysql_fetch_array(mysql_query("SELECT * FROM `match_users` WHERE `id`='{$_GET["id"]}'"));

            



            {

            $headers = "From: NoReply@\r\n" .

            'X-Mailer: PHP/' . phpversion() . "\r\n" .

            "MIME-Version: 1.0\r\n" .

            "Content-Type: text/html; charset=utf-8\r\n" .

            "Content-Transfer-Encoding: 8bit\r\n\r\n";

            $email = $user["email"];

            $suname = me('username');

            $subject = "$suname posted a new comment about you on YOURSITENAME";

            $message = "<p>You have been sent a new message from someone.";

            mail($email,$subject,$message,$headers);

            }  // Email mod



            $reload = true;

            reload("1", "?L=users.profile&id={$_GET["id"]}");



    }





    if (!$reload) {

        $handle = fopen("theme/".gen('theme')."/templates/pages/comments_send.tpl", "r");

        $template = fread($handle, 1024*1024);

        

        $template = str_replace("{{message}}", "", $template);

        $template = str_replace("{{smilestable}}", smilestable("msgfrm", "message", 2), $template);

        

        echo $template;



    }

}

Textarea page

Code:

<style type="text/css">
<!--
.maintable {
	border: 1px solid #000000;
}
body,td,th {
	color: #999999;
	font-family: Arial, Helvetica, sans-serif;
	font-size: 10px;
}
body {
	background-color: #E8F2BE;
}
.topic-gray {
	font-family: Arial, Helvetica, sans-serif;
	font-size: 12px;
	font-weight: bolder;
	color: #666666;
}
.topic-green {
	font-family: Arial, Helvetica, sans-serif;
	font-size: 12px;
	font-weight: bold;
	color: #B9DC3A;
}
.copyright {
	font-family: Arial, Helvetica, sans-serif;
	font-size: 9px;
}
.friendsbox {
	font-family: Arial, Helvetica, sans-serif;
	font-size: 9px;
	border: 1px solid #999999;
}
.minihead-gray {
	color: #666666;
}
.minihead-green {
	color: #B9DC3A;
}
.loginfields {
	font-family: Arial, Helvetica, sans-serif;
	font-size: 9px;
	border: 1px solid #666666;
}
a:link {
	color: #0066FF;
	text-decoration: none;
}
a:visited {
	text-decoration: none;
	color: #0066FF;
}
a:hover {
	text-decoration: underline;
	color: #0066FF;
}
a:active {
	text-decoration: none;
	color: #0066FF;
}
-->
</style>
<SCRIPT LANGUAGE="JavaScript">
// function parameters are: field - the string field, count - the field for remaining characters number and max - the maximum number of characters
function CountLeft(field, count, max) {
// if the length of the string in the input field is greater than the max value, trim it
if (field.value.length > max)
field.value = field.value.substring(0, max);
else
// calculate the remaining characters
count.value = max - field.value.length;
}
</script>
<table width="100%"  border="0" cellspacing="0" cellpadding="0">
  <tr bgcolor="#999999">
    <td colspan="2"><img src="images/spacer.gif" width="1" height="1"></td>
  </tr>
  <tr bgcolor="#F7F7F7">
    <td style="padding-left:5px;"><p><span class="topic-gray">##pages.messages.send:sendnew## </span> <span class="topic-green">##templates.tables.comments:comment##</span></p></td>
    <td align="right" style="padding-left:5px;">&nbsp;
    </td>
  </tr>
  <tr bgcolor="#999999">
    <td colspan="2"><img src="images/spacer.gif" width="1" height="1"></td>
  </tr>
</table>
<br>
<table width="100%"  border="0" cellspacing="3" cellpadding="0"><form method="post" enctype="multipart/form-data" name="msgfrm">
  <tr>
    <td valign="top" class="minihezxad-gray"><p>##templates.pages.messages_send:message##:</p>
      <p>{{smilestable}}</p></td>
    <td width="26%">
	<input type="image" border="0" style="border: 0px none #FFFFFF;"  src="images/richtext/bold.gif" value="off" onClick="if (this.value!='on') { message.value=message.value+'[BOLD]'; this.value='on'; message.focus(); } else { message.value=message.value+'[/BOLD]'; this.value='off'; message.focus(); } return false; ">&nbsp;
	<input type="image" border="0" style="border: 0px none #FFFFFF;"  src="images/richtext/italic.gif" value="off" onClick="if (this.value!='on') { message.value=message.value+'[ITALIC]'; this.value='on'; message.focus(); } else { message.value=message.value+'[/ITALIC]'; this.value='off'; message.focus(); } return false; ">&nbsp;
	<input type="image" border="0" style="border: 0px none #FFFFFF;" src="images/richtext/underline.gif" value="off" onClick="if (this.value!='on') { message.value=message.value+'[UNDERLINE]'; this.value='on'; message.focus(); } else { message.value=message.value+'[/UNDERLINE]'; this.value='off'; message.focus(); } return false; ">&nbsp;
	<input type="image" border="0" style="border: 0px none #FFFFFF;" src="images/richtext/center.gif" value="off" onClick="if (this.value!='on') { message.value=message.value+'
'; this.value='on'; message.focus(); } else { message.value=message.value+'
'; this.value='off'; message.focus(); } return false; ">&nbsp;
	<input type="image" border="0" style="border: 0px none #FFFFFF;" src="images/richtext/email.gif" value="off" onClick="if (this.value!='on') { message.value=message.value+''; this.value='on'; message.focus();...essage.value+''; this.value='off'; message.focus(); } return false; ">&nbsp;
	<input type="image" border="0" style="border: 0px none #FFFFFF;" src="images/richtext/image.gif" value="off" onClick="if (this.value!='on') { message.value=message.value+'[IMAGE]'; this.value='on'; message.focus(); } else { message.value=message.value+'[/IMAGE]'; this.value='off'; message.focus(); } return false; ">&nbsp;
	<input type="image" border="0" style="border: 0px none #FFFFFF;" src="images/richtext/url.gif" value="off" onClick="if (this.value!='on') { message.value=message.value+'[LINK]'; this.value='on'; message.focus(); } else { message.value=message.value+'[/LINK]'; this.value='off'; message.focus(); } return false; ">&nbsp;
	<br>##pages.comments:note##
	
    <textarea name="message" cols="80" rows="15" id="message" onkeydown="CountLeft(this.form.message,this.form.left,300);" onkeyup="CountLeft(this.form.text,this.form.left,50);"></textarea>
##pages.comments:counter##&nbsp;
<input readonly type="text" name="left" size=3 maxlength=3 value="300">
</font>
    caracteres<br></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td><input name="submit" type="submit" id="submit3" value="##templates.pages.messages_send:submit##"></td>
  </tr></form>
</table>

[nova912]

http://www.programmingtalk.com/showthread.php?t=15024

Read the first suggestion and get back to us with something less vague...

[webdevised]

sorry. this is a code that i have on a message board. it sends a message to the user. the bottom code is the code that has the message textarea form where the other user sends the message. the top code is the code that process the form. i need help editing the code(s) so that when a user send a message it takes out some html codes ex: <img <iframe <?php <? <script... ETC.. Like myspaces comment page..

thanks a head of time.

[nova912]

Quote:

Originally Posted by webdevised

sorry. this is a code that i have on a message board. it sends a message to the user. the bottom code is the code that has the message textarea form where the other user sends the message. the top code is the code that process the form. i need help editing the code(s) so that when a user send a message it takes out some html codes ex: <img <iframe <?php <? <script... ETC.. Like myspaces comment page..

thanks a head of time.

look into strip_tags(); and htmlentities(); that should slove most of your problem. For the javascript issue i would suggest

PHP Code:

$var = str_ireplace('javascript','[[javascript]]',$var);

$var = str_ireplace('onclick','[[javascript]]',$var);

$var = str_ireplace('mouseover','[[javascript]]',$var);

$var = str_ireplace('onmouseout','[[javascript]]',$var);

// Etc Etc.. all of the triggers. 

[End User]

"Help with Stripping"

Dang, I read the title and was hoping it was a hot babe that needed assistance taking off some clothes.