Forum Moderators: coopster
I am wondering how would i detect and filter out naughty words from contact forms. I'm told by a computer programmer friend (who doesn't know php very well) that in perl it is
if($input ~= /naughtyword/) { return; or do nothing or whatever }
So i'm guessing php would be similiar?
Would it be best to set the filtered words first (into an array if arrays work like that?) and then check the content of the variable from the form for a match from the array. if so, the message is rejected.
I have other checks for wrong characters in place..so would i need to implement the checks into that or in a seperate check?
thanks
:)
$badwords = array('bad','word','and','bad','words');
then you can use str_replace(), check its syntax on php.net, and the function will strip-out all the bad words in one statement.
I cant get my head round how arrays and str_replace works and how to combine them. Well..i kinda get how arrays work, but not in this senario.
How do i check if the variable contains words from the array? I've looked over arrays and various pages on them at php.net but nothing i can see leads me to what i need...
:)
$newphrase = str_replace($bad, $filter, $phrase);
Hope this will help you to get started
But i cant get it to work.
Its not giving any errors..it seems to be ignoring the word check altogether.
I have this at the top of the script
// check for naughty words
$phrase = $_POST["comments"];
// set array with the bad words in
$badwords = array('hello', 'world', 'one', 'two');
// set what is used to replace the bad words
$filter = "****";
$comments2 = str_replace($badwords, $filter, $phrase);
Thank after some other checks, i have this
$comments2 = $_POST["comments"];
I have tried what seems to be every way to check the words..changing the variable names, but nothing has any affect. The 'badwords' keep getting thru but yet no errors. Just ignores this check completely...At the moment i'm only checking the one field to get it to work but to no avail. Is it the $_POST["comments"]; that messes it up although even without it in there, same result...i'm really confused..
$phrase = 'one bad in the world'; //$_POST["comments"];
// set array with the bad words in
$badwords = array('hello', 'world', 'one', 'two');
// set what is used to replace the bad words
$filter = "****";
// overwrite the original $phrase with the clean version
$phrase = str_replace($badwords, $filter, $phrase);
echo $phrase;
<edit>
You may want to think about using preg_replace as at the moment Hello or heLLo will get through your filter.
There are a lot of things that you could do, but at least it can make this case insensitive.
So using -
$badwords = array('...');
$filter = '****';
foreach ($badwords as $badword) {
$pattern = "%$badword%i";
$phrase = preg_replace($pattern, $filter, $phrase);
}
echo $phrase;
<edit2>
just above the line where you have -
$comments2 = $_POST["comments"];
echo $comment2 then echo it again below.
So
echo $comment2;
$comments2 = $_POST["comments"];
echo $comment2;
[edited by: PHP_Chimp at 5:53 pm (utc) on Feb. 22, 2008]
<?php
// check for naughty words
$phrase = $_POST["comments"];
$phrase="asasa one asasas";
// set array with the bad words in
$badwords = array('hello', 'world', 'one', 'two');
// set what is used to replace the bad words
$filter = "****";
$comments2 = str_replace($badwords, $filter, $phrase);echo"$comments2";
?>
got it working (eventually) thanks.
Was also the problem later on in the script that wasn't processing the right information as it writes the stuff to the database.
:)
edit - i see someone else has posted..and some extra stuff..i'll look into that too.
remove double quote in the array and in post
please forgive my ignorance but what difference does double and single quotes make in the array definition?
