I have set up a guestbook on a flash site and the customer has asked for a bad word filter to be incorporated. I have this code for it:
    $bad_words = explode('|', 'badword1|badword2|badword3|etc|etc');
    foreach ($bad_words as $naughty)
    {
        $comments = eregi_replace($naughty, "#!@%*#", $comments);
    }
Where in the following code should this be inserted, please:
    // Part Two - Choose what action to perform
    $action = $_GET['action'];
    switch($action) {
        case 'read' :
            // Fetch all comments from database table
            $sql = 'SELECT * FROM `' . $table . '`';
            $allComments = mysql_query($sql, $DBConn) or die("Error in GuestBook Application: " . mysql_error());
            $numallComments = mysql_num_rows($allComments);
            // Fetch page-wise comments from database table
            // (offset cast to an integer so request data cannot change the query)
            $sql .= ' ORDER BY `time` DESC LIMIT ' . (int) $_GET['NumLow'] . ', ' . $numComments;
            $fewComments = mysql_query($sql, $DBConn) or die("Error in GuestBook Application: " . mysql_error());
            $numfewComments = mysql_num_rows($fewComments);
            // Generate Output for Flash to Read
            print '&totalEntries=' . $numallComments . '&';
            print "<br>&entries=";
            if($numallComments == 0) {
                print "No entries in the guestbook, as yet..";
            } else {
                while ($array = mysql_fetch_array($fewComments)) {
                    $name = mysql_result($fewComments, $i, 'name');
                    $email = mysql_result($fewComments, $i, 'email');
                    $comments = mysql_result($fewComments, $i, 'comments');
                    $time = mysql_result($fewComments, $i, 'time');
                    print '<b>Name: </b>' . $name . '<br><b>Email: </b>' . $email . '<br><b>Comments: </b>' . $comments . '<br><i>Date: ' . $time . '</i><br><br>';
                    $i++;
                }
            }
            // Print this only when there aren't any more entries..
            if($_GET['NumLow'] > $numallComments) {
                print 'No More Entries!&';
            }
            break;
        case 'write' :
            // Receive Variables From Flash
            // (escaped with mysql_real_escape_string because they are concatenated into the INSERT below)
            $name = mysql_real_escape_string(ereg_replace("&", "%26", $_POST['yourname']), $DBConn);
            $email = mysql_real_escape_string(ereg_replace("&", "%26", $_POST['youremail']), $DBConn);
            $comments = mysql_real_escape_string(ereg_replace("&", "%26", $_POST['yourcomments']), $DBConn);
            $submit = $_POST['submit'];
            // Current system date in yyyy-mm-dd format
            $submitted_on = date ("Y-m-d H:i:s",time());
            // Check if it's submitted from Flash
            if($submit == 'Yes'){
                // Insert the data into the mysql table
                $sql = 'INSERT INTO ' . $table .
                ' (`ID`,
                `name`,
                `email`,
                `comments`,
                `time`
                )
                VALUES
                (\'\','
                . '\'' . $name . '\','
                . '\'' . $email . '\','
                . '\'' . $comments . '\','
                . '\'' . $submitted_on . '\'
                )';
                $insert = mysql_query($sql, $DBConn) or die("Error in GuestBook Application: " . mysql_error());
Is it after the submit POST [submit] section?
Grateful for any help.
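
One way to place the filter, as an added example that is not part of the original post: the words are masked in the 'write' case, after the POST values are read and before the INSERT, so only filtered text reaches the table. It swaps eregi_replace for preg_replace_callback with preg_quote, and mysql_query for a mysqli prepared statement; filter_bad_words and save_entry are hypothetical names, and an AUTO_INCREMENT `ID` column is assumed.

```php
<?php
// Added example. Helper names and the word list are hypothetical placeholders.

// Mask each listed word, case-insensitively and on word boundaries only.
function filter_bad_words(string $text, array $badWords, string $mask = '#!@%*#'): string
{
    $quoted = [];
    foreach ($badWords as $word) {
        $word = trim((string) $word);
        if ($word !== '') {
            // Treat list entries as literal text, not as regex syntax.
            $quoted[] = preg_quote($word, '/');
        }
    }
    if ($quoted === []) {
        return $text;
    }
    $pattern = '/\b(?:' . implode('|', $quoted) . ')\b/i';
    $result = preg_replace_callback($pattern, function () use ($mask) {
        return $mask;
    }, $text);
    // preg_* returns null on a PCRE error; mask everything rather than store unfiltered text.
    return $result ?? $mask;
}

// 'write' case: filter after reading the POST values and before the INSERT.
// Assumes $table comes from the script's own configuration and `ID` is AUTO_INCREMENT.
function save_entry(mysqli $db, string $table, array $post, array $badWords): bool
{
    $field = function (string $key) use ($post): string {
        $value = $post[$key] ?? '';
        // Keep the original "&" -> "%26" encoding used for the Flash variable stream.
        return is_string($value) ? str_replace('&', '%26', $value) : '';
    };
    $name     = filter_bad_words($field('yourname'), $badWords);
    $email    = $field('youremail');
    $comments = filter_bad_words($field('yourcomments'), $badWords);
    $time     = date('Y-m-d H:i:s');

    // Placeholders keep the submitted text out of the SQL string.
    $stmt = $db->prepare(
        'INSERT INTO `' . $table . '` (`name`, `email`, `comments`, `time`) VALUES (?, ?, ?, ?)'
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ssss', $name, $email, $comments, $time);
    return $stmt->execute();
}
```

The word list can be built with the same explode('|', ...) call shown in the post and passed in as $badWords, with $_POST passed as $post.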