Detect a bad words in PHP

Hello Experts;

I'm a newbie in PHP and knows nothing about it. I have this html code that
displays a form and a button. If I press on the button it shows a message
like "No Bad Words Allowed !".

<html>
<head>
<script language="JavaScript">
<!--  Begin
function askData() {
alert ("No Bad Words Allowed !"+"Sorry . . .");  
}
// End -->
</script></head>
<body><center>
<form>
<textarea name=comments rows=10 cols=50>
</textarea><br>
<input type=button value="Submit" onClick="askData()">
</form></center>
</body>
</html>

What I would like to do is to catch a bad words on the form, before it displays a message.
and prevent it to be submitted in my mysql database.

Can anyone complete this html code above and tract down the bad words and prevent it
from going to a mysql database, thanks in advance.

This is the senario :

If a user type in a bad word like "(Edited by Computer101)" on the form and press submit there will be a
message that will display my warning message and then prevent it from going to my
mysql database.

I'm gonna add an additional 100 pts. to anyone who can complete the codes.

RosewellAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

y2kwackoCommented:
Rosewell,

This question should really be in the JavaScript section since that is what it is.  The following code will check for two words but you can easily add more words.

Begin Code
----------------------------------------------------------------
<html>
<head>
<script language="JavaScript">
<!--  Begin
function askData() {
 var myData = document.comments.strcomment.value;
 if (myData.indexOf("(Edited by Computer101)") > 0 || myData.indexOf("(Edited by Computer101)") > 0)
 {
   alert ("No Bad Words Allowed !"+"Sorry . . .");  
 }
}
// End -->
</script></head>
<body><center>
<form name="comments">
<textarea name=strcomment rows=10 cols=50>
</textarea><br>
<input type=button value="Submit" onClick="askData()">
</form></center>
</body>
</html>
----------------------------------------------------------------
End Code



You can easily add more words by editing the following line

Begin Code
----------------------------------------------------------------
 if (myData.indexOf("(Edited by Computer101)") > 0 || myData.indexOf("(Edited by Computer101)") > 0)
----------------------------------------------------------------
End Code

To add an additional word change it to

Begin Code
----------------------------------------------------------------
 if (myData.indexOf("(Edited by Computer101)") > 0 || myData.indexOf("(Edited by Computer101)") > 0 || myData.indexOf("(Edited by Computer101)") > 0)
----------------------------------------------------------------
End Code


If you have any more questions feel free to ask.

Regards,
Kevin
0
aolXFTCommented:
Personally, I think the thing should be handled at PHP Level, and not through HTML/JS, since turning off/circumventing JS is pretty easy.

Something like

<?php

function clean_bad_words($str){
  $bad_words = array("(Edited by Computer101)", "(Edited by Computer101)", "boss", "(Edited by Computer101)", "work", "wanker");
  foreach($bad_words as $bad_word){
    if(strpos($str, $bad_word)){
      die("We don't like bad words here, Sorry")
    }
  }
  return $str;
}

?>

Alternatively you could just filter them out with something like

<?php

function clean_bad_words($str){
$bad_words = array("(Edited by Computer101)", "(Edited by Computer101)", "boss", "(Edited by Computer101)", "work", "wanker")
return str_replace($bad_words, "{bad_lang}", $str);
}

?>
0
aolXFTCommented:
HTML Form:
Sample:
###############################
<html>
<head>
<title>Bad Word Filter</title>
</head>
<body><center>
<form action="form_processer.php" method="post">
<textarea name="comments" rows="10" cols="50"></textarea><br />
<input type="submit" value="Submit">
</form>
</center>
</body>
</html>
################################
I've removed the JS, and set the action, and method parameters to form_processer.php, and post respectively.

I haven't seen what script you use to add the info the the database, or your database scheme, so I'm assuming that you have a simple one-field database(unlikely - but the solution can be scaled to a more likely scheme), and I'm assuming that the PHP script simply adds the info the the db, and prints a thank-you message.

################################
<?php

function clean_bad_words($str){ // cut'n'pasted from above
  $bad_words = array("(Edited by Computer101)", "(Edited by Computer101)", "boss", "(Edited by Computer101)", "work", "wanker");
  foreach($bad_words as $bad_word){
    if(strpos($str, $bad_word)){
      die("We don't like bad words here, Sorry")
    }
  }
  return $str;
}

$mysql_conn = mysql_connect("host", "username", "password");
mysql_select_db("db_name", $mysql_conn);

$comment = mysql_escape_string( clean_bad_words($_POST['comments']) );
mysql_query("insert into comments (comment) values($comment)";

echo "Thank you very much for your Comments";

?>
#####################################

I haven't tested this btw, so it may contain typos.


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

RosewellAuthor Commented:
Thanks a lot guys, I'm gonna try it all and pick the best solution :)
0
minnirokCommented:
Your initial approach uses JavaScript; while JavaScript and other client side methods can return error messages without having to involve the server, keep in mind that JavaScript can be turned off on the client side.  You'll want to verify the correctness of data on the server to close up this workaround.  Using strpos in PHP is a good start.
0
aolXFTCommented:
I just noticed a bug in my code.

in the line containing "if(strpos($str, $bad_word)){" I just remembered that that function will evaluate to boolean 0, if the bad word is at the start. Therefore putting a bad word at the very start will allow you override the check.

You can fix this by changing the line in question to

if(strpos($str, $bad_word) === false){

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.