Hey, I wrote a very simple chat script and here's the code so far:
echo "<form action=chat.php method=post target=chat name=chat1>";
echo "<input type=hidden name=chat value=1>";
echo "Message: <input type=text name=chattext> ";
echo "<input type=button value=Send> [<a href=chat.php>refresh</a>]";
echo "<br><br>";
if($chat != "") {
    mysql_query("INSERT INTO chat (name,msg,squad) VALUES ('$userinfo[username]','$chattext','')");
    //$chatnum = mysql_num_rows(mysql_query("SELECT * FROM chat WHERE 1"));
    //$chatdel = ($chatnum - 20);
    //mysql_query("DELETE FROM chat WHERE 1 LIMIT 0,20");
}
$chatget = mysql_query("SELECT * FROM chat WHERE 1 ORDER BY time DESC LIMIT 0,15");
while($chatinfo = mysql_fetch_array($chatget)) {
    echo "<b>$chatinfo[name]:</b> $chatinfo[msg]<br>";
}
Now the problem I'm having is that some users are using HTML commands like <font color=#FFFFFF> to mess with the chat display. Any way to prevent this?
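
One way to prevent this, as an added example that is not part of the original post: escape every stored value with htmlspecialchars() at the moment it is printed, so <font color=#FFFFFF> shows up as literal text instead of being interpreted by the browser. The block also binds the INSERT values through a prepared statement rather than interpolating them into the query. PDO with an in-memory SQLite table (standing in for the MySQL chat table), the h() helper, the function names and the sample messages are assumptions made so the block runs on its own.

```php
<?php
// Added example, not the poster's code. Assumes PDO with the sqlite driver;
// the in-memory table stands in for the MySQL `chat` table.

// Escape a value for use in HTML text or a quoted attribute.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Store the message exactly as typed; values are bound, never interpolated.
function post_message(PDO $db, string $name, string $text): void {
    $text = trim($text);
    if ($text === '') {
        return; // ignore empty submissions
    }
    $stmt = $db->prepare("INSERT INTO chat (name, msg, squad) VALUES (?, ?, '')");
    $stmt->execute([$name, $text]);
}

// Render the latest 15 messages, escaping name and message at output time.
function render_chat(PDO $db): string {
    $html = '';
    $rows = $db->query("SELECT name, msg FROM chat ORDER BY time DESC, id DESC LIMIT 15");
    foreach ($rows as $row) {
        $html .= '<b>' . h($row['name']) . ':</b> ' . h($row['msg']) . "<br>\n";
    }
    return $html;
}

// Constructed demo data: one plain message, one carrying the markup from the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE chat (id INTEGER PRIMARY KEY, name TEXT, msg TEXT, squad TEXT,
           time TEXT DEFAULT CURRENT_TIMESTAMP)");
post_message($db, 'alice', 'hello');
post_message($db, "O'Brien", '<font color=#FFFFFF>now you see me');
echo render_chat($db);
```

In chat.php the call would be post_message($db, $userinfo['username'], $_POST['chattext']). Escaping on output rather than on insert keeps the stored text intact and also covers rows that are already in the table.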