Welcome to WebmasterWorld Guest from 54.161.25.142

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

trying to validate input string

     
2:44 am on Jun 1, 2012 (gmt 0)

5+ Year Member



Hello all,

I am trying to validate an input string. If the input string contains a word, I want to deny it.

I have the following code but it is not stopping it. I have others that do work so I know the rest is ok.

if (strpos($value, "essay")) { 
$er=$er+1;
echo "<center><font size='-1' color='red'>Your name is noted as spammy.</font></center><br>";}


Please help
3:16 am on Jun 1, 2012 (gmt 0)

5+ Year Member



got it!

if (strpos($value, "essay") !==false) {
$er=$er+1;
echo "<center><font size='-1' color='red'>Your comment is noted as spammy.</font></center><br>";}
4:28 pm on Jun 1, 2012 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Why are you using 1995 deprecated and non-semantic html?

echo '<p style="margin:auto; color:red;">Your comment is noted as spammy.</p>';

It does matter.

Anyway you are likely to have several such words and this list will change over time, I suggest a global list somewhere as a configuration . . .

$badwords = array {
'bad1',
'bad phrase',
'another bad phrase'
};
//
if (check_input($_POST['comments'],$badwords)) {
echo '<p style="margin:auto; color:red">Your comment is noted as spammy.</p>";
exit;
}
//
function check_input($input,$list) {
$spam=null;
foreach ($list as $phrase) {
if (strpos($input, $phrase)===true) { // Note THREE
$spam=1;
break;
}
}
return $spam;
}


Of course strpos doesn't check for CasEinSensItiviTy (stripos() DOES) and might miss attempts to hack around your filters, stripos or even preg_match would be a better choice.


if (preg_match("/$phrase/i",$input)) {
$spam=1;
break;
}
12:53 pm on Jun 3, 2012 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Why are you using 1995 deprecated and non-semantic html?


That's like asking why people program in C vs C++ or C#

You go with what you know ;)
1:53 am on Jun 10, 2012 (gmt 0)

5+ Year Member



I am trying to get your coding to work but am getting a fatal error.

$spammywords=array('forum','dissertation');
//
if (check_input($_POST['comments'],$spammywords)) {
echo '<p style="margin:auto; color:red">Your comment is noted as spammy.</p>';
$er=$er+1;
}
//
function check_input($input,$list) {
$spam=null;
foreach ($list as $phrase) {
if (stripos($input, $phrase)===true) { // Note THREE
$spam=1;
break;
}
}
return $spam;
}
5:03 pm on Jun 11, 2012 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Well, any code posted here is typed on the fly for educational purposes only, and you didn't say what the error was.

Note that functions must go **outside** any logic blocks in the "root" context of the PHP script or you'll get "undefined function" (or, you could move the function to immediately before them being called but that's kinda dumb logic.)

Anyway, here's a tested working example, but couldn't get stripos to work. IMO it's not the right tool for what you're doing anyway.


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Untitled</title>
</head>
<body>
<?php
if ($_POST) {
$badwords = array (
'bad1',
'bad phrase',
'another bad phrase'
);
$errors=null;
//
foreach ($_POST as $key=>$value) {
if (check_input($value,$badwords)) {
$errors .= "<li style=\"list-style:none; color:red\">Spam detected in the $key field.</li>\n";
}
}
} // End if POST
// Function - must reside OUTSIDE logic blocks
function check_input($input,$list) {
$spam=null;
foreach ($list as $phrase) {
// if (stripos($input, $phrase)===true) { // Note THREE
if (preg_match("/$phrase/i",$input)) {
$spam=1;
break;
}
}
return $spam;
} // end function
?>
<form method="post" action="input-test.php">
<?php if ($errors) { echo "<ul>$errors</ul>"; }?>
<p><label for="yourname">Your Name</label>:
<input type="text" name="yourname" id="yourname" value="bad1"></p>
<p><label for="comments">Comments</label>:
<textarea name="comments" id="comments" rows="3" cols="20">bad phrase</textarea></p>
<p><input type="submit" value="Test Me"></p>
</form>
</body>
</html>


Note how there's no hard coded references to the form fields in the validation portion.
2:04 am on Jun 12, 2012 (gmt 0)

5+ Year Member



Ok, thank you!
4:04 am on Jun 15, 2012 (gmt 0)

5+ Year Member



rockinbil, is there a different way you would recommend than above's code?
4:20 pm on Jun 15, 2012 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Different in what way? That approach is expandable (you can add to or remove from the array as you need to,) compartmentalized and approaching OOP (the function accepts parameters and returns values,) the function can serve multiple purposes (for example, you can pass a different words array list to it to validate ordinary form data), and portable (the function can be moved into an include and used by multiple programs or scripts.) Not really sure what you mean.
4:57 pm on Jun 15, 2012 (gmt 0)

5+ Year Member



rocknbil

you stated above that you have stripos but you included it in the code? Do you like as is or use different functions to catch the spam words?
2:42 pm on Jun 16, 2012 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Ah. You can see the line for stripos is commented out and it's using preg_match, which is what I prefer (but that's just me.) I couldn't get stripos to work in this context. That is working code BTW.
6:07 pm on Jun 16, 2012 (gmt 0)

5+ Year Member



I tried the code but get a fatal error

Fatal error: Call to undefined function check_input()
4:19 pm on Jun 18, 2012 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



From post #4464021? This can only mean one thing.

// Function - must reside OUTSIDE logic blocks


You have the function inside an if if/else block. I just retested it, appears to be working fine.
12:17 am on Jun 19, 2012 (gmt 0)

5+ Year Member



thanks for the help....you're the BoMB
 

Featured Threads

Hot Threads This Week

Hot Threads This Month