Bad word filter

Expand Post »

I have set up a guestbook on a flash site and the customer has asked for a bad word filter to be incorporated. I have this code for it:

PHP Syntax (Toggle Plain Text)
[php]
$bad_words = explode('|', 'badword1|badword2|badword3|etc|etc');
foreach ($bad_words as $naughty)
{
$comments = eregi_replace($naughty, "#!@%*#", $comments);
}
[/php]
[php]
$bad_words = explode('|', 'badword1|badword2|badword3|etc|etc');
foreach ($bad_words as $naughty)
{
$comments = eregi_replace($naughty, "#!@%*#", $comments);
}
[/php]

Where in the following code should this be inserted, please:

PHP Syntax (Toggle Plain Text)
// Part Two - Choose what action to perform
   $action = $_GET['action'];
 
   switch($action) {
      case 'read' :
		 // Fetch all comments from database table
		 $sql = 'SELECT * FROM `' . $table . '`';
		 $allComments = mysql_query($sql, $DBConn) or die("Error in GuestBook Application: " . mysql_error());
		 $numallComments = mysql_num_rows($allComments);
		 // Fetch page-wise comments from database table
		 $sql .= ' ORDER BY `time` DESC LIMIT ' . $_GET['NumLow'] . ', ' . $numComments;
		 $fewComments = mysql_query($sql, $DBConn) or die("Error in GuestBook Application: " . mysql_error());
		 $numfewComments = mysql_num_rows($fewComments);
		 // Generate Output for Flash to Read
		 print '&totalEntries=' . $numallComments . '&';
		 print "<br>&entries=";	
 
		 if($numallComments == 0) {
		    print "No entries in the guestbook, as yet..";
		 } else { 
		    while ($array = mysql_fetch_array($fewComments)) {
			   $name = mysql_result($fewComments, $i, 'name');
			   $email = mysql_result($fewComments, $i, 'email');
			   $comments = mysql_result($fewComments, $i, 'comments');
			   $time = mysql_result($fewComments, $i, 'time');
 
			   print '<b>Name: </b>' . $name . '<br><b>Email: </b>' . $email . '<br><b>Comments: </b>' . $comments . '<br><i>Date: ' . $time . '</i><br><br>';
			   $i++;
		    }
		}
		// Print this only when there aren't any more entries..
		if($_GET['NumLow'] > $numallComments) {
		   print 'No More Entries!&';
		}
		break;
 
	  case 'write' :
	     // Recieve Variables From Flash
		 $name = ereg_replace("&", "%26", $_POST['yourname']);
		 $email = ereg_replace("&", "%26", $_POST['youremail']);
		 $comments = ereg_replace("&", "%26", $_POST['yourcomments']);
		 $submit = $_POST['submit'];
 
		 // Current system date in yyyy-mm-dd format
		 $submitted_on = date ("Y-m-d H:i:s",time());
 
		 // Check if its submitted from Flash
		 if($submit == 'Yes'){
		 // Insert the data into the mysql table
		 $sql = 'INSERT INTO ' . $table . 
                ' (`ID`, 
				   `name`, 
				   `email`, 
				   `comments`, 
				   `time`
				  ) 
				  VALUES 
				  (\'\','
				   . '\'' . $name . '\',' 
				   . '\'' . $email . '\',' 
				   . '\'' . $comments . '\',' 
				   . '\'' . $submitted_on . '\'
				   )';
		 $insert = mysql_query($sql, $DBConn) or die("Error in GuestBook Application: " . mysql_error());
// Part Two - Choose what action to perform
   $action = $_GET['action'];
   
   switch($action) {
      case 'read' :
		 // Fetch all comments from database table
		 $sql = 'SELECT * FROM `' . $table . '`';
		 $allComments = mysql_query($sql, $DBConn) or die("Error in GuestBook Application: " . mysql_error());
		 $numallComments = mysql_num_rows($allComments);
		 // Fetch page-wise comments from database table
		 $sql .= ' ORDER BY `time` DESC LIMIT ' . $_GET['NumLow'] . ', ' . $numComments;
		 $fewComments = mysql_query($sql, $DBConn) or die("Error in GuestBook Application: " . mysql_error());
		 $numfewComments = mysql_num_rows($fewComments);
		 // Generate Output for Flash to Read
		 print '&totalEntries=' . $numallComments . '&';
		 print "<br>&entries=";	
		 
		 if($numallComments == 0) {
		    print "No entries in the guestbook, as yet..";
		 } else { 
		    while ($array = mysql_fetch_array($fewComments)) {
			   $name = mysql_result($fewComments, $i, 'name');
			   $email = mysql_result($fewComments, $i, 'email');
			   $comments = mysql_result($fewComments, $i, 'comments');
			   $time = mysql_result($fewComments, $i, 'time');
			   
			   print '<b>Name: </b>' . $name . '<br><b>Email: </b>' . $email . '<br><b>Comments: </b>' . $comments . '<br><i>Date: ' . $time . '</i><br><br>';
			   $i++;
		    }
		}
		// Print this only when there aren't any more entries..
		if($_GET['NumLow'] > $numallComments) {
		   print 'No More Entries!&';
		}
		break;
		 
	  case 'write' :
	     // Recieve Variables From Flash
		 $name = ereg_replace("&", "%26", $_POST['yourname']);
		 $email = ereg_replace("&", "%26", $_POST['youremail']);
		 $comments = ereg_replace("&", "%26", $_POST['yourcomments']);
		 $submit = $_POST['submit'];
		 	 
		 // Current system date in yyyy-mm-dd format
		 $submitted_on = date ("Y-m-d H:i:s",time());
		 		 
		 // Check if its submitted from Flash
		 if($submit == 'Yes'){
		 // Insert the data into the mysql table
		 $sql = 'INSERT INTO ' . $table . 
                ' (`ID`, 
				   `name`, 
				   `email`, 
				   `comments`, 
				   `time`
				  ) 
				  VALUES 
				  (\'\','
				   . '\'' . $name . '\',' 
				   . '\'' . $email . '\',' 
				   . '\'' . $comments . '\',' 
				   . '\'' . $submitted_on . '\'
				   )';
		 $insert = mysql_query($sql, $DBConn) or die("Error in GuestBook Application: " . mysql_error());

Is it after the submit POST [submit] section?
Grateful for any help.

Similar Threads

The Definitive Guide to which Forum Software Information in Social Media and Online Communities
Reputation abuse in DaniWeb Community Feedback
regarding a banned user (delete if inappropriate) in DaniWeb Community Feedback
Dirty words filter... in DaniWeb Community Feedback

bigginge

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

4 posts
since Nov 2008

Permalink

Nov 6th, 2008

Re: Bad word filter

I would assume you want to put this before for insert the data into the database, so withing the write part of the switch before the SQL query.

Will Gresham

Reputation Points: 96

Solved Threads: 124

Master Poster

Offline

728 posts
since May 2008

Permalink

Nov 6th, 2008

Re: Bad word filter

Thank you so much. I put it here:

PHP Syntax (Toggle Plain Text)
// Print this only when there aren't any more entries..
		if($_GET['NumLow'] > $numallComments) {
		   print 'No More Entries!&';
		}
		break;
 
	  case 'write' :
	     // Recieve Variables From Flash
		 $name = ereg_replace("&", "%26", $_POST['yourname']);
		 $email = ereg_replace("&", "%26", $_POST['youremail']);
		 $comments = ereg_replace("&", "%26", $_POST['yourcomments']);
		 $submit = $_POST['submit'];
		 	 				   $bad_words = explode('|', 'badword1|badword2|badword3|etc|etc');
foreach ($bad_words as $naughty)
{
$comments = eregi_replace($naughty, "#!@%*#", $comments);
}
		 // Current system date in yyyy-mm-dd format
		 $submitted_on = date ("Y-m-d H:i:s",time());
 
		 // Check if its submitted from Flash
		 if($submit == 'Yes'){
		 // Insert the data into the mysql table
		 $sql = 'INSERT INTO ' . $table . 
                ' (`ID`, 
				   `name`, 
				   `email`, 
				   `comments`, 
				   `time`
				  ) 
				  VALUES 
				  (\'\','
				   . '\'' . $name . '\',' 
				   . '\'' . $email . '\',' 
				   . '\'' . $comments . '\',' 
				   . '\'' . $submitted_on . '\'
				   )';
// Print this only when there aren't any more entries..
		if($_GET['NumLow'] > $numallComments) {
		   print 'No More Entries!&';
		}
		break;
		 
	  case 'write' :
	     // Recieve Variables From Flash
		 $name = ereg_replace("&", "%26", $_POST['yourname']);
		 $email = ereg_replace("&", "%26", $_POST['youremail']);
		 $comments = ereg_replace("&", "%26", $_POST['yourcomments']);
		 $submit = $_POST['submit'];
		 	 				   $bad_words = explode('|', 'badword1|badword2|badword3|etc|etc');
foreach ($bad_words as $naughty)
{
$comments = eregi_replace($naughty, "#!@%*#", $comments);
}
		 // Current system date in yyyy-mm-dd format
		 $submitted_on = date ("Y-m-d H:i:s",time());
		 		 
		 // Check if its submitted from Flash
		 if($submit == 'Yes'){
		 // Insert the data into the mysql table
		 $sql = 'INSERT INTO ' . $table . 
                ' (`ID`, 
				   `name`, 
				   `email`, 
				   `comments`, 
				   `time`
				  ) 
				  VALUES 
				  (\'\','
				   . '\'' . $name . '\',' 
				   . '\'' . $email . '\',' 
				   . '\'' . $comments . '\',' 
				   . '\'' . $submitted_on . '\'
				   )';

and it worked a treat. I did alter badword1 etc. with real words. Now just need to sit down and think of the worst words I can.
Marvellous, you're a star.

bigginge

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

4 posts
since Nov 2008

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in PHP Forum Timeline: php validation before file upload

Next Thread in PHP Forum Timeline: Back URL function and keeping search criteria - From Natasha

DaniWeb Message

Cancel Changes

User Name
Password