else if (strpos($name, "<""))

The multiple double quotes is killing it. Though, I also don't see the need for the looping of str_replace. It's replace eveything it finds tat matches in the variable without a loop.

Ok, I'll remove the double quotes, I got this as an example from the php.net function manual.

As you can tell, I don't know what I'm doing really, lol.

I've tried doig the code below, but it won't take any post at all. However, the script doesn't give me a error. I don't know how to do this, how can I keep people from using the arrow tags?

  if (strpos($name, "<'")){ 
   do{ 
       $name = str_replace("<'", "'", "$name"); 
     } while(strpos($name, "<'")); 
     } else if (strpos($name, "<")); {
       $name = str_replace('<', '[', "$name");  } return($name);

  if (strpos($mess, "<'")){ 
   do{ 
       $mess = str_replace("<'", "'", "$mess"); 
     }while(strpos($mess, "<'")); 
     }else if (strpos($mess, "<")){ 
       $mess = str_replace('<', '|', "$mess"); } return($mess);

You're code is a bit confusing. Seems like you're overthinking it.

// this whole block
if (strpos($name, "<'")){ 
   do{ 
       $name = str_replace("<'", "'", "$name"); 
     } while(strpos($name, "<'")); 
     } else if (strpos($name, "<")); {
       $name = str_replace('<', '[', "$name");  } return($name);

//could be this
$name = @str_replace("<'","'",$name);
$name = @str_replace("<","[",$name);

The @ will supress the errors of not finding it, though you could still do the strpos check if you want. Though, I have to wonder why you just don't use [man]htmlentities[/man]....

See, what I'm using is a simple post submission, sending it to a text File, and then displaying it on a table, like a cheap "shout box", and I'm out of SQL databases, only allowed so many. So, I'm turning to submitting it to a text file. The thing is, I need to make it safe obviously, so I need to remove the arrow tags, so html can't be executed.

<?php
// Define and remove backslashes
$out = fopen("posts.txt", "a");

$mess = stripslashes($mess);
$name = stripslashes($name);

// if the file could not be opened for whatever reason, print 
// an error message and exit the program
if (!$out) {
    print("Could not append to file, please contact the [email]webmaster@blah.net[/email]");
    exit;
}
// fputs writes output to a file.  the syntax is where to write
// followed by what to write
fputs($out,"<b>[ $name ]:</b>\t $mess\n<hr size=1 color=#000000 noshade>\n");
fclose($out);
?>

Can Include this (the htmlentitles) you pointed me to, in the script above?

function myhtmlentities($str) {

   $tbl=get_html_translation_table(HTML_ENTITIES);

   unset ($tbl["<"]);
   unset ($tbl[">"]);
   unset ($tbl["'"]);
   unset ($tbl['"']);

   $tbl["“"]="&quot;";
   $tbl["”"]="&quot;";
   $tbl["…"]="...";
   $tbl["—"]="-";
   $tbl["»"]="&raquo;";
   $tbl["«"]="&laquo;";

   return str_replace(array_keys($tbl),array_values($tbl),$str);

}

Or is the a simpler way? Thank you greatly for your help.

-- Derrick

Problem Solved, thanks to all whom helped!

-- Derrick