Filter text to be entered into a comment area

You can filter after the fact with php - that's actually just a matter of using a str_replace on the cursewords and not tricky at all (once you've built the exclusion array at least) and of doing a preg_replace to get rid of any html content you don't like.

Now, if you want to stop them from even entering such text even before they hit submit, you'd need a client-side solution - probably javascript, and the complexity of the task would put it way outside my expertise.

If you want to get rid of all html from a comment, the simplest thing would be to use htmlspecialchars on the input. This would cause any '<', '>' to be displayed harmlessly enough, and make it impossible for someone to put functioning html into their comments, same as EE does.

As for cursewords, just make your array of naughty words, and then an array of the same size for non-naughty words to replace them (or just empty strings), and then use:

$output = str_replace($dirty_words, $clean_words, htmlspecialchars($_POST['comments']));

<?
$bad_word_list = "duck, shat, botch, azz, whure, cant, clot";

function word_filter($text)
{
      global $bad_word_list;

      $bad_words = explode(", ",$bad_word_list);
      foreach ($bad_words as $bad_word)
      {
            $filter = '';
            for ($i = 0; $i < strlen($bad_word); $i++)
                  $filter .= '*';
            $text = eregi_replace($bad_word, $filter, $text);
      }

      return $text;
}

echo word_filter("This ducking SUCKS. You should eat SHAT that comes out of your azz you BOTCH!");
?>

haha bonmat86 thats good usage of those words lol. THanks though this looks good. Ill try it out

Oh hey which file does this need to go into? The one where users add comments? Sorry i sound silly, but im kind of clueless with this stuff. Thanks

I've given you the easy way emilbus20. The other solution is processor-intensive and does nothing to stop people from using HTML. However, he does use a case-insensitive method, which I hadn't thought about. With that in mind, I'd change my suggestion to read:

$output = str_ireplace($dirty_words, $clean_words, htmlspecialchars($_POST['comments']));

ok i hear what your saying. Just not sure where I would need to put this code? Also to i need to create a text file somewhere wit the dirty words list? Thanks

What is the url address of your comments form? Tell me that and I can tell you where the code goes.

change
$bad_word_list = "duck, shat, botch, azz, whure, cant, clot";
to
$bad_word_list = file_get_contents('./badwords.txt');

Goodluck.
Bonmat86.

wolf site is www.popthatzit.com  its kind of gross so dont watch if your eating. ha!!

LOL!

Yeah, that's kinda gross alright. Ok, the action page on your comments form is "file/user.php" and the field is called just "comment". So, at the top of user.php write:

$dirty_words = array('put', 'any', 'bad', 'words', 'here');
$clean_words = array('set', 'all', 'clean', 'terms', 'aqui');
$_POST['comment']  = str_ireplace($dirty_words, $clean_words, htmlspecialchars($_POST['comment']));

hehe thanks. So i added that and i got Fatal error: Call to undefined function: str_ireplace()


Shoudl this go at the very top? First thing on page?

Ah. You must be using php 4. str_ireplace was added in php 5.

Well, so much for being more processor efficient. Add this to the top of the other lines:

if(!function_exists('str_ireplace')) {
function str_ireplace($search,$replace,$subject) {
$search = preg_quote($search, "/");
return preg_replace("/".$search."/i", $replace, $subject); } }

lol. so there are 2 user.php files
one at the root and the other int he templates folder

The root has the <?php  and the other is all html

Im assuming this goes into the root user.php

I did this but still gettng errors

Warning: preg_replace(): Parameter mismatch, pattern is a string while replacement in an array. in /home/popthatz/public_html/user.php on line 7


Sorry topbe a pain

That's what I get for blindly grabbing code off of php.net's comments without doing my own check first. Try this:

if(!function_exists('str_ireplace')) {
function str_ireplace($search,$replace,$subject) {
if(is_array($search)) {
foreach($search AS $item)
{ $safe_search[] = preg_quote($item, "/"); } }
else $safe_search = preg_quote($item);
return preg_replace("/".$safe_search."/i", $replace, $subject); } }

Well i threw this  after this<?php
require_once ('global.php');



if(!function_exists('str_ireplace')) {
function str_ireplace($search,$replace,$subject) {
if(is_array($search)) {
foreach($search AS $item)
{ $safe_search[] = preg_quote($item, "/"); } }
else $safe_search = preg_quote($item);
return preg_replace("/".$safe_search."/i", $replace, $subject); } }
$dirty_words = array('fock');
$clean_words = array('zit');
$_POST['comment']  = str_ireplace($dirty_words, $clean_words, htmlspecialchars($_POST['comment']));



Got this error. The comment went through with the course

Warning: preg_replace(): Parameter mismatch, pattern is a string while replacement in an array. in

This would have been so much simpler if you'd just had php 5. :)

doh!!! yeah i dunno. I thnk php5 woudl throw off a lot of my sites, but im not sure. No worries if you cant figure it out. You have instant messenger? you coudl with .htacces stuff

Oh, I was just saying that if you'd had php 5 my original solution would've sufficed. The last one I put up there ought to work now. Give it a shot, and if it fails again (it shouldn't, but just saying), just tell me the exact error message, same as before.

Ah sweet it worked!! Worked int he comment area but not on the title lol. Any ideas. Thanks so much regardles, this is cool

ha well i just copied it again and replaced comment with title? It worked but im not sure if its the most effecient way?

All you needed was the line:

$_POST['title']  = str_ireplace($dirty_words, $clean_words, htmlspecialchars($_POST['title']));

Don't need to copy the whole thing.

awesome thansk so much!!