emilbus20
asked on
Filter text to be entered into a comment area
Sup. I have a site with a comment area. Id like to have it so users cannot enter certain text. LIke curse words, http, <a href and other things like that. What is the best way to do this. I believe php allows this right? Thanks
If you want to get rid of all html from a comment, the simplest thing would be to use htmlspecialchars on the input. This would cause any '<', '>' to be displayed harmlessly enough, and make it impossible for someone to put functioning html into their comments, same as EE does.
As for cursewords, just make your array of naughty words, and then an array of the same size for non-naughty words to replace them (or just empty strings), and then use:
$output = str_replace($dirty_words, $clean_words, htmlspecialchars($_POST['c omments']) );
As for cursewords, just make your array of naughty words, and then an array of the same size for non-naughty words to replace them (or just empty strings), and then use:
$output = str_replace($dirty_words, $clean_words, htmlspecialchars($_POST['c
<?
$bad_word_list = "duck, shat, botch, azz, whure, cant, clot";
function word_filter($text)
{
global $bad_word_list;
$bad_words = explode(", ",$bad_word_list);
foreach ($bad_words as $bad_word)
{
$filter = '';
for ($i = 0; $i < strlen($bad_word); $i++)
$filter .= '*';
$text = eregi_replace($bad_word, $filter, $text);
}
return $text;
}
echo word_filter("This ducking SUCKS. You should eat SHAT that comes out of your azz you BOTCH!");
?>
$bad_word_list = "duck, shat, botch, azz, whure, cant, clot";
function word_filter($text)
{
global $bad_word_list;
$bad_words = explode(", ",$bad_word_list);
foreach ($bad_words as $bad_word)
{
$filter = '';
for ($i = 0; $i < strlen($bad_word); $i++)
$filter .= '*';
$text = eregi_replace($bad_word, $filter, $text);
}
return $text;
}
echo word_filter("This ducking SUCKS. You should eat SHAT that comes out of your azz you BOTCH!");
?>
ASKER
haha bonmat86 thats good usage of those words lol. THanks though this looks good. Ill try it out
ASKER
Oh hey which file does this need to go into? The one where users add comments? Sorry i sound silly, but im kind of clueless with this stuff. Thanks
I've given you the easy way emilbus20. The other solution is processor-intensive and does nothing to stop people from using HTML. However, he does use a case-insensitive method, which I hadn't thought about. With that in mind, I'd change my suggestion to read:
$output = str_ireplace($dirty_words, $clean_words, htmlspecialchars($_POST['c omments']) );
$output = str_ireplace($dirty_words,
ASKER
ok i hear what your saying. Just not sure where I would need to put this code? Also to i need to create a text file somewhere wit the dirty words list? Thanks
What is the url address of your comments form? Tell me that and I can tell you where the code goes.
change
$bad_word_list = "duck, shat, botch, azz, whure, cant, clot";
to
$bad_word_list = file_get_contents('./badwo rds.txt');
Goodluck.
Bonmat86.
$bad_word_list = "duck, shat, botch, azz, whure, cant, clot";
to
$bad_word_list = file_get_contents('./badwo
Goodluck.
Bonmat86.
ASKER
wolf site is www.popthatzit.com its kind of gross so dont watch if your eating. ha!!
LOL!
Yeah, that's kinda gross alright. Ok, the action page on your comments form is "file/user.php" and the field is called just "comment". So, at the top of user.php write:
$dirty_words = array('put', 'any', 'bad', 'words', 'here');
$clean_words = array('set', 'all', 'clean', 'terms', 'aqui');
$_POST['comment'] = str_ireplace($dirty_words, $clean_words, htmlspecialchars($_POST['c omment'])) ;
Yeah, that's kinda gross alright. Ok, the action page on your comments form is "file/user.php" and the field is called just "comment". So, at the top of user.php write:
$dirty_words = array('put', 'any', 'bad', 'words', 'here');
$clean_words = array('set', 'all', 'clean', 'terms', 'aqui');
$_POST['comment'] = str_ireplace($dirty_words,
ASKER
hehe thanks. So i added that and i got Fatal error: Call to undefined function: str_ireplace()
Shoudl this go at the very top? First thing on page?
Shoudl this go at the very top? First thing on page?
Ah. You must be using php 4. str_ireplace was added in php 5.
Well, so much for being more processor efficient. Add this to the top of the other lines:
if(!function_exists('str_i replace')) {
function str_ireplace($search,$repl ace,$subje ct) {
$search = preg_quote($search, "/");
return preg_replace("/".$search." /i", $replace, $subject); } }
Well, so much for being more processor efficient. Add this to the top of the other lines:
if(!function_exists('str_i
function str_ireplace($search,$repl
$search = preg_quote($search, "/");
return preg_replace("/".$search."
ASKER
lol. so there are 2 user.php files
one at the root and the other int he templates folder
The root has the <?php and the other is all html
Im assuming this goes into the root user.php
I did this but still gettng errors
Warning: preg_replace(): Parameter mismatch, pattern is a string while replacement in an array. in /home/popthatz/public_html /user.php on line 7
Sorry topbe a pain
one at the root and the other int he templates folder
The root has the <?php and the other is all html
Im assuming this goes into the root user.php
I did this but still gettng errors
Warning: preg_replace(): Parameter mismatch, pattern is a string while replacement in an array. in /home/popthatz/public_html
Sorry topbe a pain
That's what I get for blindly grabbing code off of php.net's comments without doing my own check first. Try this:
if(!function_exists('str_i replace')) {
function str_ireplace($search,$repl ace,$subje ct) {
if(is_array($search)) {
foreach($search AS $item)
{ $safe_search[] = preg_quote($item, "/"); } }
else $safe_search = preg_quote($item);
return preg_replace("/".$safe_sea rch."/i", $replace, $subject); } }
if(!function_exists('str_i
function str_ireplace($search,$repl
if(is_array($search)) {
foreach($search AS $item)
{ $safe_search[] = preg_quote($item, "/"); } }
else $safe_search = preg_quote($item);
return preg_replace("/".$safe_sea
ASKER
Well i threw this after this<?php
require_once ('global.php');
if(!function_exists('str_i replace')) {
function str_ireplace($search,$repl ace,$subje ct) {
if(is_array($search)) {
foreach($search AS $item)
{ $safe_search[] = preg_quote($item, "/"); } }
else $safe_search = preg_quote($item);
return preg_replace("/".$safe_sea rch."/i", $replace, $subject); } }
$dirty_words = array('fock');
$clean_words = array('zit');
$_POST['comment'] = str_ireplace($dirty_words, $clean_words, htmlspecialchars($_POST['c omment'])) ;
Got this error. The comment went through with the course
Warning: preg_replace(): Parameter mismatch, pattern is a string while replacement in an array. in
require_once ('global.php');
if(!function_exists('str_i
function str_ireplace($search,$repl
if(is_array($search)) {
foreach($search AS $item)
{ $safe_search[] = preg_quote($item, "/"); } }
else $safe_search = preg_quote($item);
return preg_replace("/".$safe_sea
$dirty_words = array('fock');
$clean_words = array('zit');
$_POST['comment'] = str_ireplace($dirty_words,
Got this error. The comment went through with the course
Warning: preg_replace(): Parameter mismatch, pattern is a string while replacement in an array. in
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This would have been so much simpler if you'd just had php 5. :)
ASKER
doh!!! yeah i dunno. I thnk php5 woudl throw off a lot of my sites, but im not sure. No worries if you cant figure it out. You have instant messenger? you coudl with .htacces stuff
Oh, I was just saying that if you'd had php 5 my original solution would've sufficed. The last one I put up there ought to work now. Give it a shot, and if it fails again (it shouldn't, but just saying), just tell me the exact error message, same as before.
ASKER
Ah sweet it worked!! Worked int he comment area but not on the title lol. Any ideas. Thanks so much regardles, this is cool
ASKER
ha well i just copied it again and replaced comment with title? It worked but im not sure if its the most effecient way?
All you needed was the line:
$_POST['title'] = str_ireplace($dirty_words, $clean_words, htmlspecialchars($_POST['t itle']));
Don't need to copy the whole thing.
$_POST['title'] = str_ireplace($dirty_words,
Don't need to copy the whole thing.
ASKER
awesome thansk so much!!
Now, if you want to stop them from even entering such text even before they hit submit, you'd need a client-side solution - probably javascript, and the complexity of the task would put it way outside my expertise.