Independent
20-06-2008, 08:17 PM
Never mind, sorted out..
function bbcode($string) {
$string = str_replace('', "<b>", $string);
$string = str_replace("", "</b>", $string);
$string = str_replace("", "<u>", $string);
$string = str_replace("", "</u>", $string);
$string = str_replace("", "<i>", $string);
$string = str_replace("", "</i>", $string);
$string = str_replace("", "<strike>", $string);
$string = str_replace("", "</strike>", $string);
return $string;
}
I grabbed that from powerpanel as I was testing if that works for BBCode, yet it doesn't due to my functions which clean.. but when a person updates their profile Which also uses the clean function they can bypass the > and < which changes it to > and the otherside..
function silence($string)
{
$string = htmlspecialchars( $string, ENT_QUOTES );
if( get_magic_quotes_gpc( ) ) {
$string = stripslashes( $string );
}
$string = str_replace( "\"", "", $string );
$string = str_replace( "<", "<", $string );
$string = str_replace( ">", ">", $string );
$string = mysql_real_escape_string( $string );
return $string;
}
Any help please? (I want to make my BBCode work :P
Never mind, sorted out.
function bbcode($string) {
$string = str_replace('', "<b>", $string);
$string = str_replace("", "</b>", $string);
$string = str_replace("", "<u>", $string);
$string = str_replace("", "</u>", $string);
$string = str_replace("", "<i>", $string);
$string = str_replace("", "</i>", $string);
$string = str_replace("", "<strike>", $string);
$string = str_replace("", "</strike>", $string);
return $string;
}
I grabbed that from powerpanel as I was testing if that works for BBCode, yet it doesn't due to my functions which clean.. but when a person updates their profile Which also uses the clean function they can bypass the > and < which changes it to > and the otherside..
function silence($string)
{
$string = htmlspecialchars( $string, ENT_QUOTES );
if( get_magic_quotes_gpc( ) ) {
$string = stripslashes( $string );
}
$string = str_replace( "\"", "", $string );
$string = str_replace( "<", "<", $string );
$string = str_replace( ">", ">", $string );
$string = mysql_real_escape_string( $string );
return $string;
}
Any help please? (I want to make my BBCode work :P
Never mind, sorted out.