homepage Welcome to WebmasterWorld Guest from 54.205.236.46
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
trying to validate input string
weddingm




msg:4460225
 2:44 am on Jun 1, 2012 (gmt 0)

Hello all,

I am trying to validate an input string. If the input string contains a word, I want to deny it.

I have the following code but it is not stopping it. I have others that do work so I know the rest is ok.

if (strpos($value, "essay")) {
$er=$er+1;
echo "<center><font size='-1' color='red'>Your name is noted as spammy.</font></center><br>";}


Please help

 

weddingm




msg:4460236
 3:16 am on Jun 1, 2012 (gmt 0)

got it!

if (strpos($value, "essay") !==false) {
$er=$er+1;
echo "<center><font size='-1' color='red'>Your comment is noted as spammy.</font></center><br>";}

rocknbil




msg:4460423
 4:28 pm on Jun 1, 2012 (gmt 0)

Why are you using 1995 deprecated and non-semantic html?

echo '<p style="margin:auto; color:red;">Your comment is noted as spammy.</p>';

It does matter.

Anyway you are likely to have several such words and this list will change over time, I suggest a global list somewhere as a configuration . . .

$badwords = array {
'bad1',
'bad phrase',
'another bad phrase'
};
//
if (check_input($_POST['comments'],$badwords)) {
echo '<p style="margin:auto; color:red">Your comment is noted as spammy.</p>";
exit;
}
//
function check_input($input,$list) {
$spam=null;
foreach ($list as $phrase) {
if (strpos($input, $phrase)===true) { // Note THREE
$spam=1;
break;
}
}
return $spam;
}


Of course strpos doesn't check for CasEinSensItiviTy (stripos() DOES) and might miss attempts to hack around your filters, stripos or even preg_match would be a better choice.


if (preg_match("/$phrase/i",$input)) {
$spam=1;
break;
}

incrediBILL




msg:4460908
 12:53 pm on Jun 3, 2012 (gmt 0)

Why are you using 1995 deprecated and non-semantic html?


That's like asking why people program in C vs C++ or C#

You go with what you know ;)

weddingm




msg:4463498
 1:53 am on Jun 10, 2012 (gmt 0)

I am trying to get your coding to work but am getting a fatal error.

$spammywords=array('forum','dissertation');
//
if (check_input($_POST['comments'],$spammywords)) {
echo '<p style="margin:auto; color:red">Your comment is noted as spammy.</p>';
$er=$er+1;
}
//
function check_input($input,$list) {
$spam=null;
foreach ($list as $phrase) {
if (stripos($input, $phrase)===true) { // Note THREE
$spam=1;
break;
}
}
return $spam;
}

rocknbil




msg:4464021
 5:03 pm on Jun 11, 2012 (gmt 0)

Well, any code posted here is typed on the fly for educational purposes only, and you didn't say what the error was.

Note that functions must go **outside** any logic blocks in the "root" context of the PHP script or you'll get "undefined function" (or, you could move the function to immediately before them being called but that's kinda dumb logic.)

Anyway, here's a tested working example, but couldn't get stripos to work. IMO it's not the right tool for what you're doing anyway.


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Untitled</title>
</head>
<body>
<?php
if ($_POST) {
$badwords = array (
'bad1',
'bad phrase',
'another bad phrase'
);
$errors=null;
//
foreach ($_POST as $key=>$value) {
if (check_input($value,$badwords)) {
$errors .= "<li style=\"list-style:none; color:red\">Spam detected in the $key field.</li>\n";
}
}
} // End if POST
// Function - must reside OUTSIDE logic blocks
function check_input($input,$list) {
$spam=null;
foreach ($list as $phrase) {
// if (stripos($input, $phrase)===true) { // Note THREE
if (preg_match("/$phrase/i",$input)) {
$spam=1;
break;
}
}
return $spam;
} // end function
?>
<form method="post" action="input-test.php">
<?php if ($errors) { echo "<ul>$errors</ul>"; }?>
<p><label for="yourname">Your Name</label>:
<input type="text" name="yourname" id="yourname" value="bad1"></p>
<p><label for="comments">Comments</label>:
<textarea name="comments" id="comments" rows="3" cols="20">bad phrase</textarea></p>
<p><input type="submit" value="Test Me"></p>
</form>
</body>
</html>


Note how there's no hard coded references to the form fields in the validation portion.

weddingm




msg:4464228
 2:04 am on Jun 12, 2012 (gmt 0)

Ok, thank you!

weddingm




msg:4465707
 4:04 am on Jun 15, 2012 (gmt 0)

rockinbil, is there a different way you would recommend than above's code?

rocknbil




msg:4465914
 4:20 pm on Jun 15, 2012 (gmt 0)

Different in what way? That approach is expandable (you can add to or remove from the array as you need to,) compartmentalized and approaching OOP (the function accepts parameters and returns values,) the function can serve multiple purposes (for example, you can pass a different words array list to it to validate ordinary form data), and portable (the function can be moved into an include and used by multiple programs or scripts.) Not really sure what you mean.

weddingm




msg:4465932
 4:57 pm on Jun 15, 2012 (gmt 0)

rocknbil

you stated above that you have stripos but you included it in the code? Do you like as is or use different functions to catch the spam words?

rocknbil




msg:4466251
 2:42 pm on Jun 16, 2012 (gmt 0)

Ah. You can see the line for stripos is commented out and it's using preg_match, which is what I prefer (but that's just me.) I couldn't get stripos to work in this context. That is working code BTW.

weddingm




msg:4466296
 6:07 pm on Jun 16, 2012 (gmt 0)

I tried the code but get a fatal error

Fatal error: Call to undefined function check_input()

rocknbil




msg:4466765
 4:19 pm on Jun 18, 2012 (gmt 0)

From post #4464021? This can only mean one thing.

// Function - must reside OUTSIDE logic blocks


You have the function inside an if if/else block. I just retested it, appears to be working fine.

weddingm




msg:4466963
 12:17 am on Jun 19, 2012 (gmt 0)

thanks for the help....you're the BoMB

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved