Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 13 of 13
  1. #1
    New Coder
    Join Date
    Feb 2006
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Replacing Text With Images? Probably very easy..

    Hey, im pretty new to php, and i'm writing a shoutbox that you can see here.

    What i'm looking to do is add some "smileys" to the shoutbox, so basically, whenever the script sees a : ) or : D it will replace it with the image.

    This is probably very easy for the common coder ^^.

    Any help greatly appreciated!

  • #2
    fci
    fci is offline
    Senior Coder
    Join Date
    Aug 2004
    Location
    Twin Cities
    Posts
    1,345
    Thanks
    0
    Thanked 0 Times in 0 Posts
    uh.. looks like someone posted something to your shoutbox to redirect people to an offensive site
    <html>
    <head>
    <link rel="stylesheet" type="text/css"
    href="style.css">
    </head>
    </html>
    <strong>Swazi:</strong>

    <SCRIPT LANGUAGE="JavaScript">
    <!--
    //SWAZI LOL!!!111
    window.location="http://www.hai2u.com/";
    // -->
    </script>
    <hr><strong><b>lol</b>:</strong>

    <b>lol</b>
    <hr><strong><SWAZI>:</strong>

    <NICE!!!>
    <hr><strong>Matt:</strong>

    Nice 1, 217.146.92.94:27035 ftw !
    <hr><strong>Dean:</strong>

    Yeah, its going pretty well
    <hr><strong>James:</strong>

    Cool, it works
    <hr><strong>Dean:</strong>

    Actually, I think 1 second is better, as by the time the server has processed the script i
    t is about 2-3 seconds anyway.
    <hr><strong>Dean:</strong>

    OK, I dropped the time to 2 seconds, 5 seconds was too long ^^
    <hr><strong>Dean:</strong>

    More Testing, it should refresh now 5 seconds after you make the post! Pretty Sweet!
    <hr><strong>Dean:</strong>

    Now to add some smileys!
    <hr><strong>Dean:</strong>

    Woot, works nice
    <hr><strong>Dean:</strong>

    Yeah im testing it again, and all seems fine!
    <hr><strong>Dean:</strong>

    Testing the shoutbox, hope it works well!
    <hr><form method='post'>


    <input type='text' name='author' maxlength='50' value='Name'><br />



    <textarea name='content' cols='15' rows='8' value='Message'></textarea><br />

    <input type='submit' name='postshout' value='Shout!'> <input type='reset' value='Reset!'>
    looks pretty obvious that it is the tard swazi:
    http://www.codingforums.com/member.php?u=31341

  • #3
    fci
    fci is offline
    Senior Coder
    Join Date
    Aug 2004
    Location
    Twin Cities
    Posts
    1,345
    Thanks
    0
    Thanked 0 Times in 0 Posts
    here is what you do to prevent people from messing with your site and to do the smilie thing:
    Code:
    // convert html to safe text
    $comment = htmlentities($_POST['content']);
    
    // then to do your smilie thing:
    $smilies = array(
        ':)'
        ';)',
    );
    $images = array('happy.gif', 'wink.gif');
    $path = 'images/path/blah/';
    foreach ($images as $key => $value) {
        $images[$key] = '<img src="'.$path.$value.'">';
    }
    
    $comment = str_replace($smilies, $images, $comment);
    Last edited by fci; 02-12-2006 at 06:25 PM.

  • #4
    New Coder
    Join Date
    Feb 2006
    Posts
    30
    Thanks
    0
    Thanked 0 Times in 0 Posts
    me?? LOLO i cnt do that if i tryed. nice ownage tho lol

  • #5
    New Coder
    Join Date
    Feb 2006
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Nevermind..
    Last edited by exact-gaming; 02-12-2006 at 06:55 PM.

  • #6
    New Coder
    Join Date
    Feb 2006
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hmmn, im having a little trouble.

    A) My biggest problem, even a noob like me managed to exploit that by posting HTML. How can i make it so that html will just be converted to text if its posted? Like i posted a meta refresh tag just to test it, and its messed, but i can fix that, i just want to stop people doing it.

    B) The smilies just do not work :S

  • #7
    fci
    fci is offline
    Senior Coder
    Join Date
    Aug 2004
    Location
    Twin Cities
    Posts
    1,345
    Thanks
    0
    Thanked 0 Times in 0 Posts
    how about you post all of your PHP code, it'll be easiest to fix then

  • #8
    New Coder
    Join Date
    Feb 2006
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    PHP Code:
    <html>
    <head>
    <link rel="stylesheet" type="text/css"
    href="style.css">
    </head>
    </html>

    <?php
    require("config.php");
    $smilies = array(':)'';)');
    $images = array('happy.gif''wink.gif');
    $path 'images/';
    foreach (
    $images as $key => $value) {
        
    $images[$key] = '<img src="'.$path.$value.'">';
    }

    $comment str_replace($smilies$images$comment);
    $getposts mysql_query("SELECT * FROM shoutbox ORDER BY id DESC LIMIT 10");
    while(
    $r=mysql_fetch_array($getposts)){
    echo 
    "<strong>$r[author]:</strong>

    $r[content]
    <hr>"
    ;
    }
    if(!isset(
    $_POST[postshout])){
    echo 
    "<form method='post'>


    <input type='text' name='author' maxlength='50' value='Name'><br />



    <textarea name='content' cols='15' rows='8' value='Message'></textarea><br />

    <input type='submit' name='postshout' value='Shout!'> <input type='reset' value='Reset!'>
    </form>"
    ;
    }
    if(
    $_POST[postshout]){
    $author $_POST['author'];
    $content $_POST['content'];
    if(
    $author == NULL || $content == NULL){
    echo 
    "A field was left blank, please go back and fix this.";
    }else{
    $postcmt mysql_query("INSERT INTO shoutbox (author,content,date) VALUES ('$author','$content','$date')");
    echo 
    "Shout posted.
    <meta http-equiv='refresh' content='1'>"
    ;
    }
    }
    ?>
    Last edited by exact-gaming; 02-12-2006 at 07:16 PM.

  • #9
    fci
    fci is offline
    Senior Coder
    Join Date
    Aug 2004
    Location
    Twin Cities
    Posts
    1,345
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Code:
    <html>
    <head>
    <link rel="stylesheet" type="text/css"
    href="style.css">
    </head>
    </html>
    <?php
    
    require("config.php");
    
    $rs = mysql_query("SELECT * FROM shoutbox ORDER BY id DESC LIMIT 10");
    
    while ($r=mysql_fetch_assoc($rs)) {
        echo "<strong>$r[author]:</strong>$r[content]<hr>";
    }
    
    if (!isset($_POST['postshout'])) {
    ?><form method='post'>
            <input type='text' name='author' maxlength='50' value='Name'><br />
            <textarea name='content' cols='15' rows='8' value='Message'></textarea><br />
            <input type='submit' name='postshout' value='Shout!'> <input type='reset' value='Reset!'>
            </form>
    <?php
    
    } else ($_POST['postshout']){
    
        $path = 'images/';
        $smilies = array(
            ':)' => 'happy.gif',
            ';)' => 'wink.gif',
        );
    
        $content  = htmlentities($_POST['content']);
    
        foreach ($smilies as $key => $value)
            $content str_replace($key, $value, $content);
        
        $content  = mysql_real_escape_string($content);
        $author   = mysql_real_escape_string(htmlentities($_POST['author']));
    
        if (empty(trim($author)) || empty(trim($content))) {
            echo "A field was left blank, please go back and fix this.";
        }else{
            // date is undefined ?
            $data = time();
            $postcmt = mysql_query("INSERT INTO shoutbox (author,content,date) VALUES ('$author','$content','$date')");
            echo "Shout posted.
                <meta http-equiv='refresh' content='1'>";
        }
    }
    ?>

  • #10
    New Coder
    Join Date
    Feb 2006
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks, but im getting

    Parse error: parse error, unexpected T_STRING in /home/shout/shoutbox.php on line 36

  • #11
    fci
    fci is offline
    Senior Coder
    Join Date
    Aug 2004
    Location
    Twin Cities
    Posts
    1,345
    Thanks
    0
    Thanked 0 Times in 0 Posts
    ah, I didn't test it.. and still won't but this will fix that syntax error:
    Code:
        foreach ($smilies as $key => $value)
            $content = str_replace($key, $value, $content);

  • #12
    New Coder
    Join Date
    Feb 2006
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I managed to debug it a bit more, as it wasnt working and coming up with loads of errors, but im stuck on this.

    PHP Code:
    <html>
    <head>
    <link rel="stylesheet" type="text/css"
    href="style.css">
    </head>
    </html>
    <?php

    require("config.php");

    $rs mysql_query("SELECT * FROM shoutbox ORDER BY id DESC LIMIT 10");

    while (
    $r=mysql_fetch_assoc($rs)) {
        echo 
    "<strong>$r[author]:</strong>$r[content]<hr>";
    }

    if (!isset(
    $_POST['postshout'])) {
    ?><form method='post'>
            <input type='text' name='author' maxlength='50' value='Name'><br />
            <textarea name='content' cols='15' rows='8' value='Message'></textarea><br />
            <input type='submit' name='postshout' value='Shout!'> <input type='reset' value='Reset!'>
            </form>
    <?php

    } else ($_POST['postshout']);

        
    $path 'images/';
        
    $smilies = array(
            
    ':)' => 'happy.gif',
            
    ';)' => 'wink.gif',
        );

        
    $content  htmlentities($_POST['content']);

        foreach (
    $smilies as $key => $value)
            
    $content str_replace($key$value$content);
        
        
    $content  mysql_real_escape_string($content);
        
    $author   mysql_real_escape_string(htmlentities($_POST['author']));

        if (empty(
    trim($author)) || empty(trim($content))) {
            echo 
    "A field was left blank, please go back and fix this.";
        }else{
            
    // date is undefined ?
            
    $data time();
            
    $postcmt mysql_query("INSERT INTO shoutbox (author,content,date) VALUES ('$author','$content','$date')");
            echo 
    "Shout posted.
                <meta http-equiv='refresh' content='1'>"
    ;
        }
    }
    ?>
    Parse error: parse error, unexpected T_STRING, expecting T_VARIABLE or '$' in /home/shout/shoutbox.php on line 41

  • #13
    fci
    fci is offline
    Senior Coder
    Join Date
    Aug 2004
    Location
    Twin Cities
    Posts
    1,345
    Thanks
    0
    Thanked 0 Times in 0 Posts
    alright.. sorry, one more time:
    Code:
    <html>
    <head>
    <link rel="stylesheet" type="text/css"
    href="style.css">
    </head>
    </html>
    <?php
    
    require("config.php");
    
    $rs = mysql_query("SELECT * FROM shoutbox ORDER BY id DESC LIMIT 10");
    
    while ($r=mysql_fetch_assoc($rs)) {
        echo "<strong>$r[author]:</strong>$r[content]<hr>";
    }
    
    if (!isset($_POST['postshout'])) {
        ?><form method='post'>
                <input type='text' name='author' maxlength='50' value='Name'><br />
                <textarea name='content' cols='15' rows='8' value='Message'></textarea><br />
                <input type='submit' name='postshout' value='Shout!'> <input type='reset' value='Reset!'>
                </form>
        <?php
    
    } else {
    
        $path = 'images/';
        $smilies = array(
            ':)' => 'happy.gif',
            ';)' => 'wink.gif',
        );
    
        $content  = htmlentities($_POST['content']);
    
        foreach ($smilies as $key => $value)
            $content = str_replace($key, $value, $content);
    
        $content  = mysql_real_escape_string(trim($content));
        $author   = mysql_real_escape_string(trim(htmlentities($_POST['author'])));
    
        if (empty($author) || empty($content)) {
            echo "A field was left blank, please go back and fix this.";
        } else {
            // date is undefined ?
            $data = time();
            $postcmt = mysql_query("INSERT INTO shoutbox (author,content,date) VALUES ('$author','$content','$date')");
            echo "Shout posted.
            <meta http-equiv='refresh' content='1'>";
        }
    }
    ?>


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •