Solved

Detect a bad words in PHP

Posted on 2003-10-31
6
777 Views
Last Modified: 2011-10-03
Hello Experts;

I'm a newbie in PHP and knows nothing about it. I have this html code that
displays a form and a button. If I press on the button it shows a message
like "No Bad Words Allowed !".

<html>
<head>
<script language="JavaScript">
<!--  Begin
function askData() {
alert ("No Bad Words Allowed !"+"Sorry . . .");  
}
// End -->
</script></head>
<body><center>
<form>
<textarea name=comments rows=10 cols=50>
</textarea><br>
<input type=button value="Submit" onClick="askData()">
</form></center>
</body>
</html>

What I would like to do is to catch a bad words on the form, before it displays a message.
and prevent it to be submitted in my mysql database.

Can anyone complete this html code above and tract down the bad words and prevent it
from going to a mysql database, thanks in advance.

This is the senario :

If a user type in a bad word like "(Edited by Computer101)" on the form and press submit there will be a
message that will display my warning message and then prevent it from going to my
mysql database.

I'm gonna add an additional 100 pts. to anyone who can complete the codes.

0
Comment
Question by:Rosewell
6 Comments
 
LVL 3

Assisted Solution

by:y2kwacko
y2kwacko earned 20 total points
ID: 9662604
Rosewell,

This question should really be in the JavaScript section since that is what it is.  The following code will check for two words but you can easily add more words.

Begin Code
----------------------------------------------------------------
<html>
<head>
<script language="JavaScript">
<!--  Begin
function askData() {
 var myData = document.comments.strcomment.value;
 if (myData.indexOf("(Edited by Computer101)") > 0 || myData.indexOf("(Edited by Computer101)") > 0)
 {
   alert ("No Bad Words Allowed !"+"Sorry . . .");  
 }
}
// End -->
</script></head>
<body><center>
<form name="comments">
<textarea name=strcomment rows=10 cols=50>
</textarea><br>
<input type=button value="Submit" onClick="askData()">
</form></center>
</body>
</html>
----------------------------------------------------------------
End Code



You can easily add more words by editing the following line

Begin Code
----------------------------------------------------------------
 if (myData.indexOf("(Edited by Computer101)") > 0 || myData.indexOf("(Edited by Computer101)") > 0)
----------------------------------------------------------------
End Code

To add an additional word change it to

Begin Code
----------------------------------------------------------------
 if (myData.indexOf("(Edited by Computer101)") > 0 || myData.indexOf("(Edited by Computer101)") > 0 || myData.indexOf("(Edited by Computer101)") > 0)
----------------------------------------------------------------
End Code


If you have any more questions feel free to ask.

Regards,
Kevin
0
 
LVL 6

Expert Comment

by:aolXFT
ID: 9662846
Personally, I think the thing should be handled at PHP Level, and not through HTML/JS, since turning off/circumventing JS is pretty easy.

Something like

<?php

function clean_bad_words($str){
  $bad_words = array("(Edited by Computer101)", "(Edited by Computer101)", "boss", "(Edited by Computer101)", "work", "wanker");
  foreach($bad_words as $bad_word){
    if(strpos($str, $bad_word)){
      die("We don't like bad words here, Sorry")
    }
  }
  return $str;
}

?>

Alternatively you could just filter them out with something like

<?php

function clean_bad_words($str){
$bad_words = array("(Edited by Computer101)", "(Edited by Computer101)", "boss", "(Edited by Computer101)", "work", "wanker")
return str_replace($bad_words, "{bad_lang}", $str);
}

?>
0
 
LVL 6

Accepted Solution

by:
aolXFT earned 160 total points
ID: 9662873
HTML Form:
Sample:
###############################
<html>
<head>
<title>Bad Word Filter</title>
</head>
<body><center>
<form action="form_processer.php" method="post">
<textarea name="comments" rows="10" cols="50"></textarea><br />
<input type="submit" value="Submit">
</form>
</center>
</body>
</html>
################################
I've removed the JS, and set the action, and method parameters to form_processer.php, and post respectively.

I haven't seen what script you use to add the info the the database, or your database scheme, so I'm assuming that you have a simple one-field database(unlikely - but the solution can be scaled to a more likely scheme), and I'm assuming that the PHP script simply adds the info the the db, and prints a thank-you message.

################################
<?php

function clean_bad_words($str){ // cut'n'pasted from above
  $bad_words = array("(Edited by Computer101)", "(Edited by Computer101)", "boss", "(Edited by Computer101)", "work", "wanker");
  foreach($bad_words as $bad_word){
    if(strpos($str, $bad_word)){
      die("We don't like bad words here, Sorry")
    }
  }
  return $str;
}

$mysql_conn = mysql_connect("host", "username", "password");
mysql_select_db("db_name", $mysql_conn);

$comment = mysql_escape_string( clean_bad_words($_POST['comments']) );
mysql_query("insert into comments (comment) values($comment)";

echo "Thank you very much for your Comments";

?>
#####################################

I haven't tested this btw, so it may contain typos.


0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:Rosewell
ID: 9674090
Thanks a lot guys, I'm gonna try it all and pick the best solution :)
0
 
LVL 7

Assisted Solution

by:minnirok
minnirok earned 20 total points
ID: 9680650
Your initial approach uses JavaScript; while JavaScript and other client side methods can return error messages without having to involve the server, keep in mind that JavaScript can be turned off on the client side.  You'll want to verify the correctness of data on the server to close up this workaround.  Using strpos in PHP is a good start.
0
 
LVL 6

Assisted Solution

by:aolXFT
aolXFT earned 160 total points
ID: 9682032
I just noticed a bug in my code.

in the line containing "if(strpos($str, $bad_word)){" I just remembered that that function will evaluate to boolean 0, if the bad word is at the start. Therefore putting a bad word at the very start will allow you override the check.

You can fix this by changing the line in question to

if(strpos($str, $bad_word) === false){

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now