Bad word filter

Question

bigginge 0 Newbie Poster

16 Years Ago

I have set up a guestbook on a flash site and the customer has asked for a bad word filter to be incorporated. I have this code for it:

$bad_words = explode('|', 'badword1|badword2|badword3|etc|etc');
foreach ($bad_words as $naughty)
{
$comments = eregi_replace($naughty, "#!@%*#", $comments);
}

Where in the following code should this be inserted, please:

// Part Two - Choose what action to perform
   $action = $_GET['action'];

   switch($action) {
      case 'read' :
         // Fetch all comments from database table
         $sql = 'SELECT * FROM `' . $table . '`';
         $allComments = mysql_query($sql, $DBConn) or die("Error in GuestBook Application: " . mysql_error());
         $numallComments = mysql_num_rows($allComments);
         // Fetch page-wise comments from database table
         $sql .= ' ORDER BY `time` DESC LIMIT ' . $_GET['NumLow'] . ', ' . $numComments;
         $fewComments = mysql_query($sql, $DBConn) or die("Error in GuestBook Application: " . mysql_error());
         $numfewComments = mysql_num_rows($fewComments);
         // Generate Output for Flash to Read
         print '&totalEntries=' . $numallComments . '&';
         print "<br>&entries=";  

         if($numallComments == 0) {
            print "No entries in the guestbook, as yet..";
         } else { 
            while ($array = mysql_fetch_array($fewComments)) {
               $name = mysql_result($fewComments, $i, 'name');
               $email = mysql_result($fewComments, $i, 'email');
               $comments = mysql_result($fewComments, $i, 'comments');
               $time = mysql_result($fewComments, $i, 'time');

               print '<b>Name: </b>' . $name . '<br><b>Email: </b>' . $email . '<br><b>Comments: </b>' . $comments . '<br><i>Date: ' . $time . '</i><br><br>';
               $i++;
            }
        }
        // Print this only when there aren't any more entries..
        if($_GET['NumLow'] > $numallComments) {
           print 'No More Entries!&';
        }
        break;

      case 'write' :
         // Recieve Variables From Flash
         $name = ereg_replace("&", "%26", $_POST['yourname']);
         $email = ereg_replace("&", "%26", $_POST['youremail']);
         $comments = ereg_replace("&", "%26", $_POST['yourcomments']);
         $submit = $_POST['submit'];

         // Current system date in yyyy-mm-dd format
         $submitted_on = date ("Y-m-d H:i:s",time());

         // Check if its submitted from Flash
         if($submit == 'Yes'){
         // Insert the data into the mysql table
         $sql = 'INSERT INTO ' . $table . 
                ' (`ID`, 
                   `name`, 
                   `email`, 
                   `comments`, 
                   `time`
                  ) 
                  VALUES 
                  (\'\','
                   . '\'' . $name . '\',' 
                   . '\'' . $email . '\',' 
                   . '\'' . $comments . '\',' 
                   . '\'' . $submitted_on . '\'
                   )';
         $insert = mysql_query($sql, $DBConn) or die("Error in GuestBook Application: " . mysql_error());

Is it after the submit POST [submit] section?
Grateful for any help.

php

Edited 11 Years Ago by Reverend Jim because: Fixed formatting

2 Contributors
2 Replies
182 Views
13 Hours Discussion Span
Latest Post 16 Years Ago Latest Post by bigginge

Will Gresham 81 Master Poster

16 Years Ago

I would assume you want to put this before for insert the data into the database, so withing the write part of the switch before the SQL query.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

bigginge 0 Newbie Poster · Answer 1 · 2008-11-07T01:59:15+00:00

Thank you so much. I put it here:

// Print this only when there aren't any more entries..
		if($_GET['NumLow'] > $numallComments) {
		   print 'No More Entries!&';
		}
		break;
		 
	  case 'write' :
	     // Recieve Variables From Flash
		 $name = ereg_replace("&", "%26", $_POST['yourname']);
		 $email = ereg_replace("&", "%26", $_POST['youremail']);
		 $comments = ereg_replace("&", "%26", $_POST['yourcomments']);
		 $submit = $_POST['submit'];
		 	 				   $bad_words = explode('|', 'badword1|badword2|badword3|etc|etc');
foreach ($bad_words as $naughty)
{
$comments = eregi_replace($naughty, "#!@%*#", $comments);
}
		 // Current system date in yyyy-mm-dd format
		 $submitted_on = date ("Y-m-d H:i:s",time());
		 		 
		 // Check if its submitted from Flash
		 if($submit == 'Yes'){
		 // Insert the data into the mysql table
		 $sql = 'INSERT INTO ' . $table . 
                ' (`ID`, 
				   `name`, 
				   `email`, 
				   `comments`, 
				   `time`
				  ) 
				  VALUES 
				  (\'\','
				   . '\'' . $name . '\',' 
				   . '\'' . $email . '\',' 
				   . '\'' . $comments . '\',' 
				   . '\'' . $submitted_on . '\'
				   )';

and it worked a treat. I did alter badword1 etc. with real words. Now just need to sit down and think of the worst words I can.
Marvellous, you're a star.