Page 1 of 1

How do you find specific word in variable?

Posted: Wed Sep 23, 2009 1:43 pm
by simonmlewis
Hi.

We are receiving SPAM in a DB system, and it all has a specific word within the content, so I want to run a script that finds that word, and disallows it in the system altogether.

IE. sdfh s dhfs hsk fhasBLUEalksdfj aslkj fs

If the person has sent this, and we say "if variable contains BLUE" then ignore and return to site.

I think it's STRPOS or STRIPOS or something like that, but I have not done anything really like this before to know what it is.

Can anyone offer some guidance please?

Thanks.

Re: How do run query only if variable does NOT contain somethin?

Posted: Wed Sep 23, 2009 1:58 pm
by simonmlewis
I have updated this Subject, as I need it to only do something if a word is NOT inside the context.

Re: How do you find specific word in variable?

Posted: Wed Sep 23, 2009 1:59 pm
by Darhazer
stripos for specific word, preg_match for specific pattern
But this is not the best way to stop spam. From where it is coming? If it is from a form that you've build, add CAPTCHA. If it is from e-mail server, use antispam software like spam assassin.

Edit:
to do something if it's not inside the variable:

Code: Select all

if (stripos($var, 'word') === false) {
// your code
}

Re: How do you find specific word in variable?

Posted: Wed Sep 23, 2009 2:03 pm
by simonmlewis
** sorry, just saw your last bit of the comment - thanks,.

Yes, I can write CAPTCHA into it tomorrow, but for this evening I need a 'quick fix' that will just stop it coming through.

It's from a form.

how do you write in preg-match? ie
if $variable != "theword" { do the job .......

Re: How do you find specific word in variable?

Posted: Wed Sep 23, 2009 2:07 pm
by simonmlewis
MMmmm no that just blocks out everything AFTER 'word'.

I just want it to say: if the word is NOT in this context, then ....do the job.

Re: How do you find specific word in variable?

Posted: Wed Sep 23, 2009 2:11 pm
by jackpf
Use Darhazer's code, but compare it to true.

You don't need regex for this.

Re: How do you find specific word in variable?

Posted: Wed Sep 23, 2009 2:14 pm
by John Cartwright
I'm not exactly sure how well this will perform when facing a large ban word list, but it demonstrates how you can accomplish this with preg_match() as per your question.

Code: Select all

$source = 'your post contents';
 
$bannedwords = array(
   'berk',
   'jerk',
);
 
$bannedwords = array_map('preg_quote', $bannedwords); //escape any malicious characters in banned word list 
 
if (!preg_match('/'. implode('|', $bannedwords) .'/i', $source)) { //case insensitive match
   //source ok
} else {
   //naughty detected
}
 

Re: How do you find specific word in variable?

Posted: Wed Sep 23, 2009 2:21 pm
by simonmlewis
jackpf
Same issue.

The other script looks rather intense. I thought it would be a one-liner that would fix it.
I need to block just one word (it's not bad language either).

ie.
d skhf sk hfskh f kBLUEasdjfsjdf

If "blue" is in the text above, NONE of it goes through.

Re: How do you find specific word in variable?

Posted: Wed Sep 23, 2009 2:26 pm
by John Cartwright
simonmlewis wrote:I thought it would be a one-liner that would fix it.
My script is actually only 2 lines when you removed the variable definitions..

If you are implementing a banned word list, surely you want to be able to match against multiple words instead of a single one?

Lastly, instead of saying the previous suggestions aren't working, post exactly what you have tried, and what the result was. Always give the updated source code when you want changed things to keep us all on the same page.

Re: How do you find specific word in variable?

Posted: Wed Sep 23, 2009 2:30 pm
by simonmlewis
Sorry yes, I have just tried it,, though I didn't have it action anything if it DID find a fault. Only if all was OK.

But what it did was to post a BLANK to the database. So it did actually run the script.

Code: Select all

 
$nickname = $_POST['nickname'];
$productname = $_POST['productname'];
$usercomments = $_POST['usercomments'];
$source = $usercomments;
 
$bannedwords = array(
   'url',
   'http',
);
 
$bannedwords = array_map('preg_quote', $bannedwords);
 
if (!preg_match('/'. implode('|', $bannedwords) .'/i', $source))
{
$nickname = $_POST['nickname'];
$prodname = $_POST['prodname'];
$prodid = $_POST['prodid'];
$usercomments = $_POST['usercomments'];
$content=mysql_real_escape_string($_POST["content"]);
mysql_query("INSERT INTO usercomments (prodid, nickname, prodname, usercomments) VALUES ('$prodid', '$nickname', '$prodname', '$usercomments')");
}
Only it inserts nothing into the database but an empty line.

Re: How do you find specific word in variable?

Posted: Thu Sep 24, 2009 3:46 pm
by John_
Well, you could always just use a simple regular expression match.

Here's what I'd do:

Code: Select all

 
<?php
// List of forbidden words
// Do not remove '/i', as it makes the check case-insensitive
// To add a new word to the list, add the word proceeded by a pipe (|) character
$filter = '/(filtered|words|here)/i';
 
// Text string
$str = $_POST['string'];
// Filter any scripting or coding attributes
$str = trim(strip_tags($str));
 
$match = false;
if(preg_match($filter, $str)) $match = true;
else $match = false;
 
if($match) {
    echo "<p><b>Error:</b> \"${str}\" contains one or more words that are considered spam.</p>";
   exit;
} else {
   doSomething();
}