Need Help [Different]



Drugs
08-08-2006, 11:28 PM
Right, I have this code so far:


<?php

// This gets the information from the form
$name = $_POST['name'];
$website = $_POST['website'];
$message = $_POST['message'];

// This takes the smiley code in the message and turns it into a smiley
$code = array(
    '/:\)/',
    '/:P/',
    '/:D/'
);

$image = array(
    '<img src="smileys/smile.gif">',
    '<img src="smileys/razz.gif">',
    '<img src="smileys/biggrin.gif">'
);
$formatted = preg_replace($code, $image, $message);

if (empty($name) OR empty($message))
{
    echo "Please fill it out the name,website or message field.";
}
else
{
    // Set up how it's going to be displayed.
    // Uses $formatted so the smiley replacement above actually shows up.
    $tag = ("<font size=\"1\" face=\"Verdana\">
<b>$name</b>: $formatted </font><br><br>");

    // Gather the data currently in the file
    $read = fopen("content.txt", "r");
    $contents = fread($read, filesize('content.txt'));
    fclose($read);

    // Open the file and write the tag to it
    $write = fopen("content.txt", "w");
    fwrite($write, "$tag $contents");
    fclose($write);
}

// Refresh!
print "<meta http-equiv=\"refresh\" content=\"0;shoutbox.php\">";

?>

I need someone to insert code so HTML is disabled, so people cannot type in HTML.

Mentor
08-08-2006, 11:50 PM
I'd change your meta redirect to a header redirect; that way it causes no back button issues and is cleaner.

The easiest way to filter HTML is the lazy man's way, aka use one of PHP's built-in functions:

htmlspecialchars()

so

$message = htmlspecialchars($message);

is the kind of thing you want.

Drugs
09-08-2006, 09:20 AM
Thanks will try.

Edit: OK, doesn't work. Or can someone put Mentor's script into my code? Thanks.

Fujitsu
09-08-2006, 09:28 AM
Try



<?php

// This gets the information from the form
$name = $_POST['name'];
$website = $_POST['website'];
$message = $_POST['message'];

// Escape HTML in every field that gets written to the page, the name as
// well as the message, before any markup of our own is added
$name = htmlspecialchars($name);
$message = htmlspecialchars($message);

// This takes the smiley code in the message and turns it into a smiley
$code = array(
    '/:\)/',
    '/:P/',
    '/:D/'
);

$image = array(
    '<img src="smileys/smile.gif">',
    '<img src="smileys/razz.gif">',
    '<img src="smileys/biggrin.gif">'
);
$formatted = preg_replace($code, $image, $message);

if (empty($name) OR empty($message))
{
    echo "Please fill it out the name,website or message field.";
}
else
{
    // Set up how it's going to be displayed.
    // $formatted is the escaped message with the smiley images inserted.
    $tag = ("<font size=\"1\" face=\"Verdana\">
<b>$name</b>: $formatted </font><br><br>");

    // Gather the data currently in the file
    $read = fopen("content.txt", "r");
    $contents = fread($read, filesize('content.txt'));
    fclose($read);

    // Open the file and write the tag to it
    $write = fopen("content.txt", "w");
    fwrite($write, "$tag $contents");
    fclose($write);
}
// Refresh!
print "<meta http-equiv=\"refresh\" content=\"0;shoutbox.php\">";

?>
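
An added example, not code from any poster in this thread: the escaping order a shoutbox like this needs. Both the name and the message go through htmlspecialchars() first and the smiley images are inserted afterwards, so the only live markup in the stored line is markup the script generated. The function names render_shout() and store_shout(), the temp file name and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread. render_shout(), store_shout()
// and the sample inputs are constructed for illustration.

// Smiley codes and the markup the script itself generates for them.
const SMILEYS = [
    ':)' => '<img src="smileys/smile.gif">',
    ':P' => '<img src="smileys/razz.gif">',
    ':D' => '<img src="smileys/biggrin.gif">',
];

function render_shout(string $name, string $message): string
{
    // Escape every user-supplied field, not only the message. ENT_QUOTES
    // also encodes ' and " so the values stay inert inside attributes.
    $safeName    = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    $safeMessage = htmlspecialchars($message, ENT_QUOTES, 'UTF-8');

    // Insert smiley images only after escaping. Escaping afterwards would
    // turn the generated <img> tags into visible text. strtr() does not
    // rescan text it has already replaced.
    $safeMessage = strtr($safeMessage, SMILEYS);

    return "<font size=\"1\" face=\"Verdana\"><b>$safeName</b>: "
         . "$safeMessage</font><br><br>\n";
}

function store_shout(string $file, string $entry): void
{
    // Newest entry first. file_get_contents() copes with an empty or
    // missing file, unlike fread() with a zero length.
    $old = is_file($file) ? file_get_contents($file) : '';
    // LOCK_EX keeps two simultaneous writes from interleaving.
    file_put_contents($file, $entry . $old, LOCK_EX);
}

// Constructed inputs: HTML typed into both fields, plus a smiley.
$entry = render_shout('<u>Guest</u>', '<h1>hello</h1> :)');
$file  = sys_get_temp_dir() . '/content_demo.txt';
store_shout($file, $entry);
echo file_get_contents($file);
```
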

Drugs
09-08-2006, 09:36 AM
YESSSSSSSSSS!!!!!
YESSSSSSSSSSSSSSSSSSSSS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

IT WORKS!!!!!!!!!!!!!! YEEEEEEEEEEEEEEEEEEEEEEEES!!!!!!!!!!!!!!!!!!!!!!!!!!

WOOOOOOOOOOOOOOOOHOOOOOOOOOO *KISSES FUJITSU* WOOOOOOOHOOOOOOOOOOOOOOOOOOOOOO

Fujitsu
09-08-2006, 09:47 AM
Lol I just tested it on your shoutbox and yep it works. Thanks to Mentor for the code and me for putting it in ;) :p

Drugs
09-08-2006, 09:56 AM
Yeah! Go say something now, look what I made happen when a message is entered.. And when you leave a field blank..

Fujitsu
09-08-2006, 09:59 AM
Why, when I send a message with blank or not blank fields, when I press submit, does it refresh the alert like loads of times? I have to keep hold of Enter and click the Google toolbar to get off it!

Drugs
09-08-2006, 10:02 AM
o.0 *Makes Longer* Dunno but ah well.

Fujitsu
09-08-2006, 10:04 AM
And it says "Thanks for your message Fujitsu", then alerts "please enter name and message" loads of times.

Drugs
09-08-2006, 10:09 AM
Hmmmmmmmmmmmmmmmmm

Fujitsu
09-08-2006, 10:13 AM
Now I think the site has crashed, it won't load.

Tomm
09-08-2006, 10:14 AM
I normally do something like this when inserting values using SQL:


function PrepareSQLIn($val, $type, $defval = "", $notdefval = "")
{
    // Add slashes only when magic quotes has not already done so.
    // get_magic_quotes_gpc() no longer exists in PHP 8, hence the function_exists() check.
    $magic = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $val = (!$magic) ? addslashes($val) : $val;

    // Quote or cast the value according to the column type
    switch ($type) {
        case "text":
            $val = ($val != "") ? "'" . $val . "'" : "NULL";
            break;
        case "long":
        case "int":
            $val = ($val != "") ? intval($val) : "NULL";
            break;
        case "double":
            $val = ($val != "") ? "'" . doubleval($val) . "'" : "NULL";
            break;
        case "date":
            $val = ($val != "") ? "'" . $val . "'" : "NULL";
            break;
        case "def":
            $val = ($val != "") ? $defval : $notdefval;
            break;
    }
    return $val;
}

// Make the SQL query

$SQLQuery = sprintf("UPDATE something SET `value`=%s WHERE somethingelse=%s",
    PrepareSQLIn($var1, "inserttypehere"),
    PrepareSQLIn($var2, "inserttypehere"));




Feel free to use it if you give me credit ^_^

Drugs
09-08-2006, 10:20 AM
Tom, I don't use a MySQL database.
