homepage Welcome to WebmasterWorld Guest from 54.237.213.31
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
trying to validate input string
weddingm

5+ Year Member



 
Msg#: 4460223 posted 2:44 am on Jun 1, 2012 (gmt 0)

Hello all,

I am trying to validate an input string. If the input string contains a word, I want to deny it.

I have the following code but it is not stopping it. I have others that do work so I know the rest is ok.

if (strpos($value, "essay")) {
$er=$er+1;
echo "<center><font size='-1' color='red'>Your name is noted as spammy.</font></center><br>";}


Please help

 

weddingm

5+ Year Member



 
Msg#: 4460223 posted 3:16 am on Jun 1, 2012 (gmt 0)

got it!

if (strpos($value, "essay") !==false) {
$er=$er+1;
echo "<center><font size='-1' color='red'>Your comment is noted as spammy.</font></center><br>";}

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4460223 posted 4:28 pm on Jun 1, 2012 (gmt 0)

Why are you using 1995 deprecated and non-semantic html?

echo '<p style="margin:auto; color:red;">Your comment is noted as spammy.</p>';

It does matter.

Anyway you are likely to have several such words and this list will change over time, I suggest a global list somewhere as a configuration . . .

$badwords = array {
'bad1',
'bad phrase',
'another bad phrase'
};
//
if (check_input($_POST['comments'],$badwords)) {
echo '<p style="margin:auto; color:red">Your comment is noted as spammy.</p>";
exit;
}
//
function check_input($input,$list) {
$spam=null;
foreach ($list as $phrase) {
if (strpos($input, $phrase)===true) { // Note THREE
$spam=1;
break;
}
}
return $spam;
}


Of course strpos doesn't check for CasEinSensItiviTy (stripos() DOES) and might miss attempts to hack around your filters, stripos or even preg_match would be a better choice.


if (preg_match("/$phrase/i",$input)) {
$spam=1;
break;
}

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4460223 posted 12:53 pm on Jun 3, 2012 (gmt 0)

Why are you using 1995 deprecated and non-semantic html?


That's like asking why people program in C vs C++ or C#

You go with what you know ;)

weddingm

5+ Year Member



 
Msg#: 4460223 posted 1:53 am on Jun 10, 2012 (gmt 0)

I am trying to get your coding to work but am getting a fatal error.

$spammywords=array('forum','dissertation');
//
if (check_input($_POST['comments'],$spammywords)) {
echo '<p style="margin:auto; color:red">Your comment is noted as spammy.</p>';
$er=$er+1;
}
//
function check_input($input,$list) {
$spam=null;
foreach ($list as $phrase) {
if (stripos($input, $phrase)===true) { // Note THREE
$spam=1;
break;
}
}
return $spam;
}

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4460223 posted 5:03 pm on Jun 11, 2012 (gmt 0)

Well, any code posted here is typed on the fly for educational purposes only, and you didn't say what the error was.

Note that functions must go **outside** any logic blocks in the "root" context of the PHP script or you'll get "undefined function" (or, you could move the function to immediately before them being called but that's kinda dumb logic.)

Anyway, here's a tested working example, but couldn't get stripos to work. IMO it's not the right tool for what you're doing anyway.


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Untitled</title>
</head>
<body>
<?php
if ($_POST) {
$badwords = array (
'bad1',
'bad phrase',
'another bad phrase'
);
$errors=null;
//
foreach ($_POST as $key=>$value) {
if (check_input($value,$badwords)) {
$errors .= "<li style=\"list-style:none; color:red\">Spam detected in the $key field.</li>\n";
}
}
} // End if POST
// Function - must reside OUTSIDE logic blocks
function check_input($input,$list) {
$spam=null;
foreach ($list as $phrase) {
// if (stripos($input, $phrase)===true) { // Note THREE
if (preg_match("/$phrase/i",$input)) {
$spam=1;
break;
}
}
return $spam;
} // end function
?>
<form method="post" action="input-test.php">
<?php if ($errors) { echo "<ul>$errors</ul>"; }?>
<p><label for="yourname">Your Name</label>:
<input type="text" name="yourname" id="yourname" value="bad1"></p>
<p><label for="comments">Comments</label>:
<textarea name="comments" id="comments" rows="3" cols="20">bad phrase</textarea></p>
<p><input type="submit" value="Test Me"></p>
</form>
</body>
</html>


Note how there's no hard coded references to the form fields in the validation portion.

weddingm

5+ Year Member



 
Msg#: 4460223 posted 2:04 am on Jun 12, 2012 (gmt 0)

Ok, thank you!

weddingm

5+ Year Member



 
Msg#: 4460223 posted 4:04 am on Jun 15, 2012 (gmt 0)

rockinbil, is there a different way you would recommend than above's code?

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4460223 posted 4:20 pm on Jun 15, 2012 (gmt 0)

Different in what way? That approach is expandable (you can add to or remove from the array as you need to,) compartmentalized and approaching OOP (the function accepts parameters and returns values,) the function can serve multiple purposes (for example, you can pass a different words array list to it to validate ordinary form data), and portable (the function can be moved into an include and used by multiple programs or scripts.) Not really sure what you mean.

weddingm

5+ Year Member



 
Msg#: 4460223 posted 4:57 pm on Jun 15, 2012 (gmt 0)

rocknbil

you stated above that you have stripos but you included it in the code? Do you like as is or use different functions to catch the spam words?

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4460223 posted 2:42 pm on Jun 16, 2012 (gmt 0)

Ah. You can see the line for stripos is commented out and it's using preg_match, which is what I prefer (but that's just me.) I couldn't get stripos to work in this context. That is working code BTW.

weddingm

5+ Year Member



 
Msg#: 4460223 posted 6:07 pm on Jun 16, 2012 (gmt 0)

I tried the code but get a fatal error

Fatal error: Call to undefined function check_input()

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4460223 posted 4:19 pm on Jun 18, 2012 (gmt 0)

From post #4464021? This can only mean one thing.

// Function - must reside OUTSIDE logic blocks


You have the function inside an if if/else block. I just retested it, appears to be working fine.

weddingm

5+ Year Member



 
Msg#: 4460223 posted 12:17 am on Jun 19, 2012 (gmt 0)

thanks for the help....you're the BoMB

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved