0

I have set up a guestbook on a flash site and the customer has asked for a bad word filter to be incorporated. I have this code for it:

$bad_words = explode('|', 'badword1|badword2|badword3|etc|etc');
foreach ($bad_words as $naughty)
{
$comments = eregi_replace($naughty, "#!@%*#", $comments);
}

Where in the following code should this be inserted, please:

// Part Two - Choose what action to perform
   $action = $_GET['action'];

   switch($action) {
      case 'read' :
         // Fetch all comments from database table
         $sql = 'SELECT * FROM `' . $table . '`';
         $allComments = mysql_query($sql, $DBConn) or die("Error in GuestBook Application: " . mysql_error());
         $numallComments = mysql_num_rows($allComments);
         // Fetch page-wise comments from database table
         $sql .= ' ORDER BY `time` DESC LIMIT ' . $_GET['NumLow'] . ', ' . $numComments;
         $fewComments = mysql_query($sql, $DBConn) or die("Error in GuestBook Application: " . mysql_error());
         $numfewComments = mysql_num_rows($fewComments);
         // Generate Output for Flash to Read
         print '&totalEntries=' . $numallComments . '&';
         print "<br>&entries=";  

         if($numallComments == 0) {
            print "No entries in the guestbook, as yet..";
         } else { 
            while ($array = mysql_fetch_array($fewComments)) {
               $name = mysql_result($fewComments, $i, 'name');
               $email = mysql_result($fewComments, $i, 'email');
               $comments = mysql_result($fewComments, $i, 'comments');
               $time = mysql_result($fewComments, $i, 'time');

               print '<b>Name: </b>' . $name . '<br><b>Email: </b>' . $email . '<br><b>Comments: </b>' . $comments . '<br><i>Date: ' . $time . '</i><br><br>';
               $i++;
            }
        }
        // Print this only when there aren't any more entries..
        if($_GET['NumLow'] > $numallComments) {
           print 'No More Entries!&';
        }
        break;

      case 'write' :
         // Receive Variables From Flash
         $name = ereg_replace("&", "%26", $_POST['yourname']);
         $email = ereg_replace("&", "%26", $_POST['youremail']);
         $comments = ereg_replace("&", "%26", $_POST['yourcomments']);
         $submit = $_POST['submit'];

         // Current system date in yyyy-mm-dd format
         $submitted_on = date ("Y-m-d H:i:s",time());

         // Check if it's submitted from Flash
         if($submit == 'Yes'){
         // Insert the data into the mysql table
         $sql = 'INSERT INTO ' . $table . 
                ' (`ID`, 
                   `name`, 
                   `email`, 
                   `comments`, 
                   `time`
                  ) 
                  VALUES 
                  (\'\','
                   . '\'' . $name . '\',' 
                   . '\'' . $email . '\',' 
                   . '\'' . $comments . '\',' 
                   . '\'' . $submitted_on . '\'
                   )';
         $insert = mysql_query($sql, $DBConn) or die("Error in GuestBook Application: " . mysql_error());

Is it after the submit POST [submit] section?
Grateful for any help.

0

I would assume you want to put this before inserting the data into the database, so within the write part of the switch, before the SQL query.

0

Thank you so much. I put it here:

// Print this only when there aren't any more entries..
		if($_GET['NumLow'] > $numallComments) {
		   print 'No More Entries!&';
		}
		break;
		 
	  case 'write' :
		 // Receive Variables From Flash
		 $name = ereg_replace("&", "%26", $_POST['yourname']);
		 $email = ereg_replace("&", "%26", $_POST['youremail']);
		 $comments = ereg_replace("&", "%26", $_POST['yourcomments']);
		 $submit = $_POST['submit'];
		 $bad_words = explode('|', 'badword1|badword2|badword3|etc|etc');
		 foreach ($bad_words as $naughty)
		 {
		    $comments = eregi_replace($naughty, "#!@%*#", $comments);
		 }
		 // Current system date in yyyy-mm-dd format
		 $submitted_on = date ("Y-m-d H:i:s",time());
		 		 
		 // Check if it's submitted from Flash
		 if($submit == 'Yes'){
		 // Insert the data into the mysql table
		 $sql = 'INSERT INTO ' . $table . 
                ' (`ID`, 
				   `name`, 
				   `email`, 
				   `comments`, 
				   `time`
				  ) 
				  VALUES 
				  (\'\','
				   . '\'' . $name . '\',' 
				   . '\'' . $email . '\',' 
				   . '\'' . $comments . '\',' 
				   . '\'' . $submitted_on . '\'
				   )';

and it worked a treat. I did alter badword1 etc. with real words. Now just need to sit down and think of the worst words I can.
Marvellous, you're a star.
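
An added example, not part of the thread or written by its posters: the same "filter, then insert" placement on current PHP, where the `ereg*` and `mysql_*` functions used above no longer exist (both were removed in PHP 7.0). It assumes PDO, a table named `guestbook` and the hypothetical helpers `filter_bad_words()` and `save_comment()`. The insert uses bound parameters instead of concatenating `$_POST` values into the SQL string.

```php
<?php
// Added example: names, schema and the SQLite demo are assumptions, not the thread's code.
const MASK = '#!@%*#';

// Mask listed words, case-insensitively. preg_quote() turns each entry into a
// literal, so a list entry containing regex characters cannot change the pattern.
// Unlike the thread's substring match, \b only masks whole words.
function filter_bad_words(string $text, array $badWords): string
{
    if ($badWords === []) {
        return $text;
    }
    $quoted = array_map(fn($w) => preg_quote($w, '/'), $badWords);
    $result = preg_replace('/\b(?:' . implode('|', $quoted) . ')\b/iu', MASK, $text);
    if ($result === null) {
        // preg_replace() returns null on error, e.g. input that is not valid UTF-8.
        throw new InvalidArgumentException('comment could not be filtered');
    }
    return $result;
}

// The 'write' case: filter first, then insert with bound parameters.
function save_comment(PDO $db, array $post, array $badWords): bool
{
    if (($post['submit'] ?? '') !== 'Yes') {
        return false;
    }
    $comments = filter_bad_words((string)($post['yourcomments'] ?? ''), $badWords);
    $stmt = $db->prepare(
        'INSERT INTO guestbook (name, email, comments, `time`) VALUES (?, ?, ?, ?)'
    );
    return $stmt->execute([
        (string)($post['yourname'] ?? ''), (string)($post['youremail'] ?? ''),
        $comments, date('Y-m-d H:i:s'),
    ]);
}

// Constructed demo input; in-memory SQLite so it runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (ID INTEGER PRIMARY KEY, name TEXT, email TEXT, comments TEXT, `time` TEXT)');
save_comment($db, [
    'yourname' => "O'Brien", 'youremail' => 'ob@example.com', 'submit' => 'Yes',
    'yourcomments' => 'What a BadWord1 site, not badword1234 though',
], ['badword1', 'badword2']);
foreach ($db->query('SELECT name, comments FROM guestbook') as $row) {
    echo $row['name'], ': ', $row['comments'], PHP_EOL;
}
```

Against MySQL the same calls work with a `mysql:` DSN. Stored values are still raw user input, so the `read` case has to encode them for its output format when printing.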
