I have set up a guestbook on a Flash site and the customer has asked for a bad word filter to be incorporated. I have this code for it:

$bad_words = explode('|', 'badword1|badword2|badword3|etc|etc');
foreach ($bad_words as $naughty)
{
    $comments = eregi_replace($naughty, "#!@%*#", $comments);
}

Where in the following code should this be inserted, please:

// Part Two - Choose what action to perform
   $action = $_GET['action'];

   switch($action) {
      case 'read' :
         // Fetch all comments from database table
         $sql = 'SELECT * FROM `' . $table . '`';
         $allComments = mysql_query($sql, $DBConn) or die("Error in GuestBook Application: " . mysql_error());
         $numallComments = mysql_num_rows($allComments);
         // Fetch page-wise comments from database table
         $sql .= ' ORDER BY `time` DESC LIMIT ' . $_GET['NumLow'] . ', ' . $numComments;
         $fewComments = mysql_query($sql, $DBConn) or die("Error in GuestBook Application: " . mysql_error());
         $numfewComments = mysql_num_rows($fewComments);
         // Generate Output for Flash to Read
         print '&totalEntries=' . $numallComments . '&';
         print "<br>&entries=";  

         if($numallComments == 0) {
            print "No entries in the guestbook, as yet..";
         } else { 
            while ($array = mysql_fetch_array($fewComments)) {
               $name = mysql_result($fewComments, $i, 'name');
               $email = mysql_result($fewComments, $i, 'email');
               $comments = mysql_result($fewComments, $i, 'comments');
               $time = mysql_result($fewComments, $i, 'time');

               print '<b>Name: </b>' . $name . '<br><b>Email: </b>' . $email . '<br><b>Comments: </b>' . $comments . '<br><i>Date: ' . $time . '</i><br><br>';
               $i++;
            }
        }
        // Print this only when there aren't any more entries..
        if($_GET['NumLow'] > $numallComments) {
           print 'No More Entries!&';
        }
        break;

      case 'write' :
         // Receive Variables From Flash
         $name = ereg_replace("&", "%26", $_POST['yourname']);
         $email = ereg_replace("&", "%26", $_POST['youremail']);
         $comments = ereg_replace("&", "%26", $_POST['yourcomments']);
         $submit = $_POST['submit'];

         // Current system date in yyyy-mm-dd format
         $submitted_on = date ("Y-m-d H:i:s",time());

         // Check if it's submitted from Flash
         if($submit == 'Yes'){
         // Insert the data into the mysql table
         $sql = 'INSERT INTO ' . $table . 
                ' (`ID`, 
                   `name`, 
                   `email`, 
                   `comments`, 
                   `time`
                  ) 
                  VALUES 
                  (\'\','
                   . '\'' . $name . '\',' 
                   . '\'' . $email . '\',' 
                   . '\'' . $comments . '\',' 
                   . '\'' . $submitted_on . '\'
                   )';
         $insert = mysql_query($sql, $DBConn) or die("Error in GuestBook Application: " . mysql_error());

Is it after the submit POST [submit] section?
Grateful for any help.

Edited 3 Years Ago by Reverend Jim: Fixed formatting

I would assume you want to put this before you insert the data into the database, so within the write part of the switch, before the SQL query.

Thank you so much. I put it here:

// Print this only when there aren't any more entries..
		if($_GET['NumLow'] > $numallComments) {
		   print 'No More Entries!&';
		}
		break;
		 
	  case 'write' :
	     // Receive Variables From Flash
		 $name = ereg_replace("&", "%26", $_POST['yourname']);
		 $email = ereg_replace("&", "%26", $_POST['youremail']);
		 $comments = ereg_replace("&", "%26", $_POST['yourcomments']);
		 $submit = $_POST['submit'];
		 $bad_words = explode('|', 'badword1|badword2|badword3|etc|etc');
		 foreach ($bad_words as $naughty)
		 {
		    $comments = eregi_replace($naughty, "#!@%*#", $comments);
		 }
		 // Current system date in yyyy-mm-dd format
		 $submitted_on = date ("Y-m-d H:i:s",time());
		 		 
		 // Check if it's submitted from Flash
		 if($submit == 'Yes'){
		 // Insert the data into the mysql table
		 $sql = 'INSERT INTO ' . $table . 
                ' (`ID`, 
				   `name`, 
				   `email`, 
				   `comments`, 
				   `time`
				  ) 
				  VALUES 
				  (\'\','
				   . '\'' . $name . '\',' 
				   . '\'' . $email . '\',' 
				   . '\'' . $comments . '\',' 
				   . '\'' . $submitted_on . '\'
				   )';

and it worked a treat. I did alter badword1 etc. with real words. Now just need to sit down and think of the worst words I can.
Marvellous, you're a star.
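
Added example, not part of the original thread: the filter placed where the reply suggests (in the write branch, before the INSERT), written for PHP 7.4+, where `eregi_replace()` and `mysql_query()` no longer exist. It swaps in `preg_replace()` with `preg_quote()` and a PDO prepared statement, so the posted values are bound as data instead of being concatenated into the SQL string. `censor()`, `save_entry()`, the table layout and the sample post are hypothetical and constructed, and it matches whole words only, unlike the substring match in the thread.

```php
<?php
// Added example, not the thread's code. censor(), save_entry(), the table
// layout and the word list are hypothetical names chosen for illustration.

// Mask each listed word, case-insensitively. preg_quote() turns every list
// entry into a literal, so regex characters in an entry cannot change the pattern.
function censor(string $text, array $badWords, string $mask = '#!@%*#'): string
{
    if ($badWords === []) {
        return $text; // an empty alternation would match at every word boundary
    }
    $alternatives = array_map(fn($w) => preg_quote($w, '/'), $badWords);
    // \b restricts matches to whole words (the thread's version matches substrings).
    $pattern = '/\b(?:' . implode('|', $alternatives) . ')\b/iu';
    return preg_replace($pattern, $mask, $text) ?? $text;
}

// The 'write' branch: filter first, then insert with bound parameters.
function save_entry(PDO $db, array $post, array $badWords): bool
{
    if (($post['submit'] ?? '') !== 'Yes') {
        return false; // not submitted from the Flash form
    }
    $stmt = $db->prepare(
        'INSERT INTO guestbook (name, email, comments, time) VALUES (?, ?, ?, ?)'
    );
    return $stmt->execute([
        $post['yourname'] ?? '',
        $post['youremail'] ?? '',
        censor($post['yourcomments'] ?? '', $badWords),
        date('Y-m-d H:i:s'),
    ]);
}

// Constructed sample run on an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (ID INTEGER PRIMARY KEY, name TEXT,
           email TEXT, comments TEXT, time TEXT)');
// Constructed $_POST stand-in; the apostrophe would break the concatenated query.
$post = ['yourname' => "O'Brien", 'youremail' => 'ob@example.com',
         'yourcomments' => 'Nice site, BadWord1!', 'submit' => 'Yes'];
save_entry($db, $post, ['badword1', 'badword2']);
print_r($db->query('SELECT name, comments FROM guestbook')->fetchAll(PDO::FETCH_ASSOC));
```

The same binding applies to the read branch, where `$_GET['NumLow']` goes into the `LIMIT` clause unchecked; casting it to an integer before use closes that path.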
