Filter Text from the form using php



Rockonmetal
10-18-2007, 08:18 PM
I have this suggestion form, but I don't want people to swear and stuff, because I put one up last night and got 350 bad words, links, advertisements, and a whole bunch of stuff...
But anyway, I don't know how to filter through words or to check whether a variable is too long using strings...
I have the code of the page below...

<html>
<head>
<style type="text/css">
html,body{
font-family: Trebuchet MS;
font-size: 12px;
}
.input{
width: 200px;
border: 1px solid #4e4e4e;
padding-left: 3px;
font-family: Trebuchet MS;
font-size: 16px;
font-weight: bold;
background-color: #FFFFFF;
}
.textarea{
width: 350px;
height: 100px;
border: 1px solid #4e4e4e;
padding-left: 3px;
font-family: Trebuchet MS;
font-size: 13px;
}
</style>
</head>
<body>
<form action="193.php" method="post">
<br />Your Display Name:
<br /><input type="text" name="1" class="input"/>
<br />
<br />Your Message:
<br /><textarea class="textarea" name="2"></textarea>
<br />
<br /><input type="submit" class="input" />
</form>
<?php
// Only read the fields once they have been posted, so a plain GET of the page raises no notices
$dName = isset($_POST["1"]) ? $_POST["1"] : "";
$Message = isset($_POST["2"]) ? $_POST["2"] : "";
?>

If you explain what to put where and how to edit it pretty well, then I can do it... or, if you feel you could write the code yourself faster than doing that, that's fine; it's your choice...

djr33
10-18-2007, 09:24 PM
Well, you need to think about specifically step by step how to alter the text.
A simple bad word filter is incredibly simple... just replace [word] with [] or [****], etc.

$string = str_replace('findword','replaceword_orblank',$string);

Efficiently, you could use an array-- array('word1','word2','word3') -- and place the replace within a foreach loop, removing each word.

You may also want to consider placement-- hello contains hell; you may want to check that there is a space or other punctuation on either side of the word.

Replacing links wouldn't be all that hard--
You could use regex, or you could use a less efficient/simpler (but more complex statements) method with substr, etc.

while (($start = strpos($string, 'http://')) !== false) {
// cut from "http://" up to the next space (or to the end of the string when there is no space after the link)
$end = strpos($string, ' ', $start);
$string = substr($string, 0, $start) . ($end === false ? '' : substr($string, $end));
}
(Can't promise that'll work, but the concept is there-- and you should consider if that's exactly what you want anyway.)


And you can do some more, as well, though nothing you will do can get around human creativity, so you'll need to manually check the posts... yep. Ban those who post offensive comments if possible, as well.

A simple captcha or even just a question "what color is grass? [blue] [red] [green]" would also help with bots.
Your security doesn't need to be perfect if there isn't a real threat-- just some spam, and it is likely that the bots will give up rather than adapt as your site probably is not any particular benefit to them... they just search out forms and post.
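Putting djr33's points together, as an added example that is not code from the thread: a word-boundary filter (so the "hell" in "hello" survives), link removal, length limits, and the grass-colour question. The word list, the limits and the extra `grass` form field are assumptions.

```php
<?php
// Added example, not code from the thread: djr33's checks in one place. The word list, the limits and the extra "grass" field are assumptions.
define('MAX_NAME_LEN', 30);
define('MAX_MESSAGE_LEN', 1000);
$bad_words = array('badword1', 'badword2');   // constructed placeholder list

// Mask each listed word only where it stands on its own: \b is a word boundary, so
// the "hell" inside "hello" is left alone; the i flag makes the match case-insensitive.
function filter_bad_words($text, array $words)
{
    foreach ($words as $word) {
        $pattern = '/\b' . preg_quote($word, '/') . '\b/i';
        $text = preg_replace($pattern, str_repeat('*', strlen($word)), $text);
    }
    return $text;
}

// Remove anything that looks like a link. The match ends at whitespace or at the end
// of the string, so unlike a strpos/substr loop it cannot get stuck on a trailing URL.
function strip_links($text)
{
    return preg_replace('~\b(?:https?://|www\.)\S+~i', '', $text);
}

// Returns error messages; an empty array means the submission may be stored.
function validate_submission($name, $message, $answer)
{
    $errors = array();
    if ($name === '' || strlen($name) > MAX_NAME_LEN) {
        $errors[] = 'Display name must be 1 to ' . MAX_NAME_LEN . ' characters.';
    }
    if ($message === '' || strlen($message) > MAX_MESSAGE_LEN) {
        $errors[] = 'Message must be 1 to ' . MAX_MESSAGE_LEN . ' characters.';
    }
    // The "what color is grass?" question from the thread, as a cheap bot check.
    if (strtolower(trim($answer)) !== 'green') {
        $errors[] = 'Wrong answer to the anti-spam question.';
    }
    return $errors;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name    = isset($_POST['1']) ? trim($_POST['1']) : '';
    $message = isset($_POST['2']) ? trim($_POST['2']) : '';
    $answer  = isset($_POST['grass']) ? $_POST['grass'] : '';
    $errors  = validate_submission($name, $message, $answer);
    if (count($errors) === 0) {
        $clean = filter_bad_words(strip_links($message), $bad_words);
        // store $clean here, and escape it with htmlspecialchars() when displaying it
    }
}
```

The filtering runs only after the length and question checks pass, so an oversized or bot-submitted post is rejected before any replacement work is done.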

Rockonmetal
10-18-2007, 09:29 PM
OK, thanks man, I'll try it out... I'll try the string out, and if I don't feel comfortable with it I'll try the array out... thanks...

djr33
10-18-2007, 09:43 PM
If you want a lot of words, the array is absolutely the best method. For just a few, lines of code would work.

Twey
10-18-2007, 09:55 PM
> Efficiently, you could use an array-- array('word1','word2','word3') -- and place the replace within a foreach loop, removing each word.
No need to loop, str_replace() takes arrays:
str_replace(array('monkeys', 'fish'), array('*******', '****'), $str);

djr33
10-18-2007, 10:05 PM
Ah. Very nice. I'd say don't use a second array, then; just use an empty string or '****', which would be the same value for every element of the other array.
I don't see the point in having a separate replace value for each item, though perhaps you'd like the right number of asterisks, though that would make the original word more clear.

boogyman
10-18-2007, 10:44 PM
or you could just put the ole *beep*


although it's always funny to replace with random words to confuse the reader haha :)

djr33
10-18-2007, 10:59 PM
Better yet, insert random foreign language words. It will seem like it has some meaning to the average reader, but actually be complete nonsense. :p

I like the 2-year-old approach of " I said a no no word :( " as well.

Twey
10-18-2007, 11:22 PM
A "no no word?" xD

JShor
10-19-2007, 12:35 AM
Try using one of these functions:

http://us.php.net/ereg_replace

http://us.php.net/str_replace

djr33
10-19-2007, 12:49 AM
Yes, Twey, just like you'd say to a 3 year old. Quite convincing for people to not do that repeatedly.

thehotspotguide
09-28-2009, 06:51 PM
I am having a very difficult time with this. I am trying to filter out curse words and other words in my mail form, but I tried the $string replace and I'm not sure if I'm putting it in the right place or what. Any suggestions? This is what my php code looks like:


<?php
$area = "login";
include("./_include/core/main_start.php");
class CCompose extends CHtmlBlock
{
var $m_on_page = 20;
var $message = "";
var $id;
var $subject;
var $text;
var $type = 'plain';
var $Turing;

function action()
{
global $g_user;
global $g;

$cmd = get_param("cmd", "");

if ($cmd == "reply")
{
$msg = (int) get_param("msg", "");
$sql = "
SELECT u.user_id AS user_from, u2.user_id AS user_to,
m.id, m.subject, m.text, m.type AS mtype
FROM ((mail_msg AS m LEFT JOIN user AS u ON u.user_id=m.user_from)
LEFT JOIN user AS u2 ON u2.user_id=m.user_to)
WHERE m.id=" . $msg . "
";
DB::query($sql);
if ($row = DB::fetch_row())
{
$this->id = $row['user_from'] != $g_user['user_id'] ? $row['user_from'] : $row['user_to'];
$this->subject = "Re: " . $row['subject'];
if ($row['mtype'] == 'plain') $this->text = "> " . str_replace("\n", "\n > ", $row['text']);
else $this->text = "";

}
}
if ($cmd == "forward")
{
$msg = (int) get_param("msg", "");
$sql = "
SELECT u.user_id AS user_from, u2.user_id AS user_to,
m.id, m.subject, m.text, m.type AS mtype
FROM ((mail_msg AS m LEFT JOIN user AS u ON u.user_id=m.user_from)
LEFT JOIN user AS u2 ON u2.user_id=m.user_to)
WHERE m.id=" . $msg . "
";

DB::query($sql);
if ($row = DB::fetch_row())
{
$this->subject = "Fw: " . $row['subject'];
if ($row['mtype'] == 'plain') {
$this->text = "> " . str_replace("\n", "\n > ", $row['text']);
} else {
$this->text = urlencode($row['text']);
$this->type = 'postcard';
}
}
}

if ($cmd == "sent")
{
$name = get_param("name", "");
$subject = to_sql(get_param("subject", ""), "Text");
$text = to_sql(urldecode(get_param("text", "")), "Text");

if ($name != "" and $subject != "" and $text != "")
{
$id = DB::result("SELECT user_id FROM user WHERE name=" . to_sql($name, "Text") . "");
$block = DB::result("SELECT id FROM users_block WHERE user_from=" . $id . " AND user_to=" . $g_user['user_id'] . "");

if ($id != 0 and $block == 0)
{
DB::execute("
INSERT INTO mail_msg (user_id, user_from, user_to, folder, subject, text, date_sent, type)
VALUES(
" . to_sql($id, "Number") . ",
" . $g_user['user_id'] . ",
" . to_sql($id, "Number") . ",
" . 1 . ",
" . $subject . ",
" . $text . ",
" . time() . ",
" . to_sql(get_param('type')) . ")
");
DB::execute("UPDATE user SET new_mails=new_mails+1 WHERE user_id=" . to_sql($id, "Number") . "");

if (get_param("save", "") == "1")
{
DB::execute("
INSERT INTO mail_msg (user_id, user_from, user_to, folder, subject, text, date_sent, new, type)
VALUES(
" . $g_user['user_id'] . ",
" . $g_user['user_id'] . ",
" . to_sql($id, "Number") . ",
" . 3 . ",
" . $subject . ",
" . $text . ",
" . time() . ",
'N',
" . to_sql(get_param('type')) . ")
");
}

DB::query("SELECT name, orientation, mail, set_email_mail FROM user WHERE user_id='" . $id . "'");
if ($row = DB::fetch_row())
{
if ($row['set_email_mail'] != "2")
{
$subject = DB::result("SELECT subject FROM email_auto WHERE note='mail_message'");
$subject = str_replace("{name}", $g_user['name'], $subject);
$subject = str_replace("{title}", $g['main']['title'], $subject);

$text = DB::result("SELECT text FROM email_auto WHERE note='mail_message'");
$text = str_replace("{name}", $g_user['name'], $text);
$text = str_replace("{title}", $g['main']['title'], $text);
send_mail(
$row['mail'],
$g['main']['info_mail'],
$subject,
$text
);
}
}

redirect(get_param("page_from", ""));
}
elseif ($block > 0)
{
$this->message = "You in Block List.<br>";
}
else
{
$this->message = "Incorrect Username.<br>";
}
}
else
{
$this->message = "Incorrect Username, subject or message.<br>";
}
}
}
function parseBlock(&$html)
{
global $g_user;

$html->setvar("message", $this->message);

$html->setvar("subject", $this->subject);
$html->setvar("text", $this->text);

if (DB::query("SELECT u.name FROM users_favorite AS f LEFT JOIN user AS u ON u.user_id=f.user_to WHERE f.user_from=" . $g_user['user_id'] . ""))
{
$i = 0;
$num_columns = 3;
$total_checks = DB::num_rows();
$in_column = ceil(($total_checks) / $num_columns);

while ($row = DB::fetch_row())
{
$i++;

$html->setvar("fname", $row['name']);

if ($i % $in_column == 0 and $i != 0 and $num_columns != 1)
{
$html->parse("favorite_column", false);
}
else
{
$html->setblockvar("favorite_column", "");
}

$html->parse("favorite", true);
}
DB::free_result();
}

if (isset($this->id))
{
$id = $this->id;
}
else
{
$ids = get_param_array("id");
$id = isset($ids[0]) ? $ids[0] : 0;
}

DB::query("SELECT user_id, name FROM user WHERE user_id=" . to_sql($id, "Number") . " ");

if ($row = DB::fetch_row())
{
$html->setvar("name", $row['name']);
$html->parse("add_id", true);
}
else
{
$html->parse("add_name", true);
}

$to = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "mail.php";
$html->setvar("page_from", get_param("page_from", $to));

if ($this->type == 'plain') $html->parse("plain", true);
else $html->parse("postcard", true);

parent::parseBlock($html);
}
}
$page = new CCompose("", $g['tmpl']['dir_tmpl_main'] . "mail_compose.html");
$header = new CHeader("header", $g['tmpl']['dir_tmpl_main'] . "_header.html");
$page->add($header);
$footer = new CFooter("footer", $g['tmpl']['dir_tmpl_main'] . "_footer.html");
$page->add($footer);

$folders = new CFolders("folders", $g['tmpl']['dir_tmpl_main'] . "_folders.html");
$page->add($folders);

$users_ims = new CIms("ims", $g['tmpl']['dir_tmpl_main'] . "_ims.html");
$page->add($users_ims);
include("./_include/core/main_close.php");

?>