Form Validation - Block Bad Words

         

aditogs

1:28 pm on Feb 12, 2007 (gmt 0)

10+ Year Member



Hi,

Got form, trying to block bad words to avoid spam (eg viagra, etc)

Current Sendmail.php is:

@$number = addslashes($_POST['number']);
@$email2 = addslashes($_POST['email2']);
@$comment = addslashes($_POST['comment']);
@$name = addslashes($_POST['name']);
@$email = addslashes($_POST['email']);
@$country = addslashes($_POST['country']);

// Validation
if (strlen($comment) <=10)
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid comment</font></p>");
}

if (strlen($comment) == 0 )
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid comment</font></p>");
}

But trying to filter out bad words by adding this in.

$spam = false; $blacklist = array('viagra','porn','seo');
foreach ($blacklist as $word) {
if (strpos(strtolower($message), strtolower($word)) { // this is spam
$spam = true;
break;
}
}
if (!$spam) {
mail($to,$subject,$message,$headers);
}
print 'Thank you for your spam - erm - message.';

Can someone please show me how I need to word it?

Thanks

eelixduppy

8:08 pm on Feb 12, 2007 (gmt 0)




Can someone please show me how I need to word it?

I'm not exactly sure what you mean by this, but what you have looks pretty good. There are two things I would change. Firstly, you are being excessive by testing to see if the length is 0, as you already account for that if the length is less than 10. So you can remove that whole section:


#remove the following
if (strlen($comment) == 0 )
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid comment</font></p>");
}

The other thing is, I would put the spam message within the if statement. Something like this:


foreach ($blacklist as $word) {
if (strpos(strtolower($message), strtolower($word)) { // this is spam
$spam = true;
print 'Thank you for your spam - erm - message.';
break;
}
}
# and of course take the print out after this

Other than that, what you have is pretty good, although it is not allowing certain words, variations to words such as v1agra will still allow the email to be sent. It is difficult to account for every possibility, however. If this does not answer your question, then can you please elaborate on your problem? :)

Best of luck!

aditogs

11:52 am on Feb 14, 2007 (gmt 0)

10+ Year Member



Thanks.

Just need to know where it goes now! I currently have it looking like this (and it's not working!) Please help if you can.

// Receiving variables
@$number = addslashes($_POST['number']);
@$email2 = addslashes($_POST['email2']);
@$comment = addslashes($_POST['comment']);
@$name = addslashes($_POST['name']);
@$email = addslashes($_POST['email']);
@$country = addslashes($_POST['country']);
$spam = false; $blacklist = array('viagra','porn','seo');

// Validation
if (strlen($comment) <=10)
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid comment</font></p>");
}

foreach ($blacklist as $word) {
if (strpos(strtolower($comment), strtolower($word)) {$spam = true;
print 'Thank you for your spam - erm - message.';
break;
}
}

if (strlen($name) <=2) (etc, etc)

eelixduppy

12:05 pm on Feb 14, 2007 (gmt 0)



Have you turned error reporting up? Are you receiving any errors? Or do you think it is strictly a logical error? I don't see anything wrong (I am a little tired though ;))

aditogs

2:15 pm on Feb 14, 2007 (gmt 0)

10+ Year Member



Parse error: parse error, unexpected '{' in /htdocs/sendemail.php on line 89

(which is line "if (strpos(strtolower($comment), strtolower($word)) {$spam = true;")

eelixduppy

2:20 pm on Feb 14, 2007 (gmt 0)



Ahh, I see. You are missing a parenthesis:

if (strpos(strtolower($comment), strtolower($word))) { $spam = true;

dreamcatcher

2:39 pm on Feb 14, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



And your closing brace should also be a parenthesis:

{$spam = true;")

should be:

{$spam = true;"}

dc

aditogs

2:55 pm on Feb 14, 2007 (gmt 0)

10+ Year Member



Thanks.

It doesn't throw up the error message anymore, but it still posts to my database, which I don't want to happen. Here's the code I use at the moment - I presume I need an if clause or something? (not big on php / mysql).

//saving record to MySQL database

@$pfw_strQuery = "INSERT INTO `table`(`email2`,`comment`,`name`,`email`,`country`)VALUES (\"$email2\",\"$comment\",\"$name\",\"$email\",\"$country\")" ;
@$pfw_host = "mysql10.host.net";
@$pfw_user = "mysql1";
@$pfw_pw = "password";
@$pfw_db = "mysql1";
$pfw_link = mysql_connect($pfw_host, $pfw_user, $pfw_pw);
if (!$pfw_link) {
    die('Could not connect: ' . mysql_error());
}
$pfw_db_selected = mysql_select_db($pfw_db, $pfw_link);
if (!$pfw_db_selected) {
    // double quotes so that $pfw_db is interpolated into the message
    die("Can not use $pfw_db : " . mysql_error());
}

adb64

4:01 pm on Feb 14, 2007 (gmt 0)

10+ Year Member



I've also created such a bad word filter for my guestbook. From each string to be tested I removed all characters except a-z and converted to lowercase. So e.g. V I A G R A is also found, as spaces, newlines, digits etc. are also removed.

/* only keep letters */
$Message = strtolower(preg_replace("/[^a-zA-Z]+/","",$Message));

To detect word variations like v1agra, the i, o and l should also be removed from the message. They should also be removed from the words in the blacklist array.
I did not implement this word variation detection yet; I will when I see excessive use of those variations.

aditogs

9:16 am on Feb 15, 2007 (gmt 0)

10+ Year Member



Can anyone help me so that the spam messages aren't posted into the database?

Thanks

adb64

11:12 am on Feb 15, 2007 (gmt 0)

10+ Year Member



When you have detected that the message is a spam message ($spam == TRUE) don't do the insert in the database.

if (!$spam)
{
/* put the insert code in here from your previous post */
}
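
The pieces discussed in this thread, put together as an added example (not code from any of the posts above): the comment is normalised before matching, the strpos() result is compared against false so a hit at position 0 counts, and the INSERT runs only for non-spam input. Assumptions: the function names are hypothetical, PDO prepared statements are swapped in for addslashes() and the mysql_* calls, digit look-alikes are mapped to letters rather than stripping i, o and l, and the demo uses an in-memory SQLite database (needs pdo_sqlite).

```php
<?php
// Added example. Helper names are hypothetical; table and columns follow the thread.
$blacklist = array('viagra', 'porn', 'seo');

// Map digit/symbol look-alikes to letters (assumed table), then keep a-z only,
// so "V I A G R A" and "v1agra" both reduce to "viagra".
function normalise($text) {
    $map = array('1' => 'i', '0' => 'o', '3' => 'e', '4' => 'a', '@' => 'a', '$' => 's');
    return preg_replace('/[^a-z]+/', '', strtr(strtolower($text), $map));
}

function is_spam($text, array $blacklist) {
    $flat = normalise($text);
    foreach ($blacklist as $word) {
        // strpos() returns 0 for a hit at the very start; test against false explicitly.
        if (strpos($flat, normalise($word)) !== false) {
            return true;
        }
    }
    return false;
}

// Returns true only if the row was written. Bound parameters replace addslashes().
function save_comment(PDO $db, array $post, array $blacklist) {
    $f = array();
    foreach (array('email2', 'comment', 'name', 'email', 'country') as $key) {
        $f[] = isset($post[$key]) ? trim($post[$key]) : '';
    }
    if (strlen($f[1]) <= 10 || is_spam($f[1], $blacklist)) {
        return false; // short or blacklisted: skip the INSERT entirely
    }
    $sql = 'INSERT INTO `table` (`email2`,`comment`,`name`,`email`,`country`) VALUES (?,?,?,?,?)';
    return $db->prepare($sql)->execute($f);
}

// Demo on an in-memory SQLite database (assumption: pdo_sqlite is available).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `table` (email2 TEXT, comment TEXT, name TEXT, email TEXT, country TEXT)');

$samples = array( // constructed inputs
    'viagra at the very start of the text',
    'Buy V I A G R A and v1agra here today',
    "Thanks, O'Brien's article on form validation helped.",
);
foreach ($samples as $comment) {
    $ok = save_comment($db, array('comment' => $comment, 'name' => 'test'), $blacklist);
    echo ($ok ? 'stored:   ' : 'rejected: ') . $comment . "\n";
}
echo 'rows in table: ' . $db->query('SELECT COUNT(*) FROM `table`')->fetchColumn() . "\n";
```

Letters-only matching also produces false positives: "seo" is found inside "Seoul" and across the word boundary in "use other", so short blacklist entries need care.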