Well, I am stumpped. I need an add on to my script that will dissalow '<' and '>' so it will prevent users from submiting html.
Here is my current script:
<?php
if ((!$USERNAME) || (!$PASSWORD) || (!$CONFIRM_PASSWORD))
{
echo "<font face=\"VERDANA,ARIAL,HELVETICIA\" size=\"1\">Error, your details could not be saved. <P>";
echo "Hit the BACK button on your browser and check you have filled in the ";
echo "<strong>user name, password</strong> and <strong>confirm password </strong> ";
echo "fields.<P>";
exit;
}
if ($PASSWORD != $CONFIRM_PASSWORD)
{
echo "<font face=\"VERDANA,ARIAL,HELVETICIA\" size=\"1\">Error, there is something wrong with your password. <P>";
echo "Hit the BACK button on your browser and re-enter the <strong>password</strong> ";
echo "and <strong>confirm password</strong> fields.<P>";
exit;
}
// create connection
$connection = mysql_pconnect("localhost", "ABC", "123")
or die ("Couldn't connect to server.");
// select database
$db = mysql_select_db("info", $connection)
or die ("Couldn't select database.");
// create SQL statement
$sql = "INSERT INTO register
VALUES ('$USERNAME', '$EMAIL', '$PASSWORD')";
// execute SQL query and get result
$sql_result = mysql_query($sql,$connection);
if (!$sql_result)
{
echo "<font face=\"VERDANA,ARIAL,HELVETICIA\" size=\"1\">Error, something funny here! <P>";
echo "Your details could not be saved. This can happen if someone has already ";
echo "entered this user name before. Hit the BACK button on your browser and try ";
echo "a different <strong>user name</strong>. <P>";
exit();
}
echo "<p ALIGN=\"center\"><strong><font face=\"VERDANA,ARIAL,HELVETICIA\" size=\"1\">
Welcome To NeoChat<br>Your account has been made.<br><br><p ALIGN=\"center\">Please Wait...</font></strong></p><p>";
echo "<font face=\"VERDANA,ARIAL,HELVETICIA\" size=\"1\">Hi, $USERNAME, thanks for registering.";
?>
Any ideas?
