Welcome to WebmasterWorld Guest from 23.22.200.6

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

trying to validate input string

     
2:44 am on Jun 1, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 9, 2006
posts: 177
votes: 0


Hello all,

I am trying to validate an input string. If the input string contains a word, I want to deny it.

I have the following code but it is not stopping it. I have others that do work so I know the rest is ok.

if (strpos($value, "essay")) { 
$er=$er+1;
echo "<center><font size='-1' color='red'>Your name is noted as spammy.</font></center><br>";}


Please help
3:16 am on June 1, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 9, 2006
posts: 177
votes: 0


got it!

if (strpos($value, "essay") !==false) {
$er=$er+1;
echo "<center><font size='-1' color='red'>Your comment is noted as spammy.</font></center><br>";}
4:28 pm on June 1, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


Why are you using 1995 deprecated and non-semantic html?

echo '<p style="margin:auto; color:red;">Your comment is noted as spammy.</p>';

It does matter.

Anyway you are likely to have several such words and this list will change over time, I suggest a global list somewhere as a configuration . . .

$badwords = array {
'bad1',
'bad phrase',
'another bad phrase'
};
//
if (check_input($_POST['comments'],$badwords)) {
echo '<p style="margin:auto; color:red">Your comment is noted as spammy.</p>";
exit;
}
//
function check_input($input,$list) {
$spam=null;
foreach ($list as $phrase) {
if (strpos($input, $phrase)===true) { // Note THREE
$spam=1;
break;
}
}
return $spam;
}


Of course strpos doesn't check for CasEinSensItiviTy (stripos() DOES) and might miss attempts to hack around your filters, stripos or even preg_match would be a better choice.


if (preg_match("/$phrase/i",$input)) {
$spam=1;
break;
}
12:53 pm on June 3, 2012 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14643
votes: 93


Why are you using 1995 deprecated and non-semantic html?


That's like asking why people program in C vs C++ or C#

You go with what you know ;)
1:53 am on June 10, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 9, 2006
posts: 177
votes: 0


I am trying to get your coding to work but am getting a fatal error.

$spammywords=array('forum','dissertation');
//
if (check_input($_POST['comments'],$spammywords)) {
echo '<p style="margin:auto; color:red">Your comment is noted as spammy.</p>';
$er=$er+1;
}
//
function check_input($input,$list) {
$spam=null;
foreach ($list as $phrase) {
if (stripos($input, $phrase)===true) { // Note THREE
$spam=1;
break;
}
}
return $spam;
}
5:03 pm on June 11, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


Well, any code posted here is typed on the fly for educational purposes only, and you didn't say what the error was.

Note that functions must go **outside** any logic blocks in the "root" context of the PHP script or you'll get "undefined function" (or, you could move the function to immediately before them being called but that's kinda dumb logic.)

Anyway, here's a tested working example, but couldn't get stripos to work. IMO it's not the right tool for what you're doing anyway.


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Untitled</title>
</head>
<body>
<?php
if ($_POST) {
$badwords = array (
'bad1',
'bad phrase',
'another bad phrase'
);
$errors=null;
//
foreach ($_POST as $key=>$value) {
if (check_input($value,$badwords)) {
$errors .= "<li style=\"list-style:none; color:red\">Spam detected in the $key field.</li>\n";
}
}
} // End if POST
// Function - must reside OUTSIDE logic blocks
function check_input($input,$list) {
$spam=null;
foreach ($list as $phrase) {
// if (stripos($input, $phrase)===true) { // Note THREE
if (preg_match("/$phrase/i",$input)) {
$spam=1;
break;
}
}
return $spam;
} // end function
?>
<form method="post" action="input-test.php">
<?php if ($errors) { echo "<ul>$errors</ul>"; }?>
<p><label for="yourname">Your Name</label>:
<input type="text" name="yourname" id="yourname" value="bad1"></p>
<p><label for="comments">Comments</label>:
<textarea name="comments" id="comments" rows="3" cols="20">bad phrase</textarea></p>
<p><input type="submit" value="Test Me"></p>
</form>
</body>
</html>


Note how there's no hard coded references to the form fields in the validation portion.
2:04 am on June 12, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 9, 2006
posts: 177
votes: 0


Ok, thank you!
4:04 am on June 15, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 9, 2006
posts: 177
votes: 0


rockinbil, is there a different way you would recommend than above's code?
4:20 pm on June 15, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


Different in what way? That approach is expandable (you can add to or remove from the array as you need to,) compartmentalized and approaching OOP (the function accepts parameters and returns values,) the function can serve multiple purposes (for example, you can pass a different words array list to it to validate ordinary form data), and portable (the function can be moved into an include and used by multiple programs or scripts.) Not really sure what you mean.
4:57 pm on June 15, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 9, 2006
posts: 177
votes: 0


rocknbil

you stated above that you have stripos but you included it in the code? Do you like as is or use different functions to catch the spam words?
2:42 pm on June 16, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


Ah. You can see the line for stripos is commented out and it's using preg_match, which is what I prefer (but that's just me.) I couldn't get stripos to work in this context. That is working code BTW.
6:07 pm on June 16, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 9, 2006
posts: 177
votes: 0


I tried the code but get a fatal error

Fatal error: Call to undefined function check_input()
4:19 pm on June 18, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


From post #4464021? This can only mean one thing.

// Function - must reside OUTSIDE logic blocks


You have the function inside an if if/else block. I just retested it, appears to be working fine.
12:17 am on June 19, 2012 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 9, 2006
posts: 177
votes: 0


thanks for the help....you're the BoMB
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members