spam protection: detect html tags or match patterns

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
lauthiamkok
Forum Contributor
Posts: 153
Joined: Wed Apr 01, 2009 2:23 pm
Location: Plymouth, United Kingdom

spam protection: detect html tags or match patterns

Post by lauthiamkok »

Hi,

This is what I can think of to detect spams from injecting into my database,

Code: Select all

$SpamError = "Malicious code content detected. Your IP Number of ".getenv("REMOTE_ADDR")."has been logged.";
 
if (preg_match("/a href/i", "$message_content")) {
  $spam = true; 
  echo '<error message="'.$SpamErrorMessage.'"/>'; 
}
the idea is to match if <a href> exist, if it does, then it is a spam.

what if I have more patterns that I want to check, like <img> tags? how should I rewrite this code?
preg_match("/a href/i", "$message_content");
but I think the best way is to detect if there is any html tag exist, then it must be a spam. how do I write the code to detect html tags from the input...?

Many thanks,
Lau
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: spam protection: detect html tags or match patterns

Post by AbraCadaver »

Lots of ways to do this. Here is a simple one:

Code: Select all

if ($message_content != strip_tags($message_content)) {
  $spam = true;
  echo '<error message="'.$SpamErrorMessage.'"/>';
}
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
lauthiamkok
Forum Contributor
Posts: 153
Joined: Wed Apr 01, 2009 2:23 pm
Location: Plymouth, United Kingdom

Re: spam protection: detect html tags or match patterns

Post by lauthiamkok »

AbraCadaver wrote:Lots of ways to do this. Here is a simple one:

Code: Select all

if ($message_content != strip_tags($message_content)) {
  $spam = true;
  echo '<error message="'.$SpamErrorMessage.'"/>';
}
this is a great idea! thanks. I have thought of counting the sting length in this way,

$lenght_before = strlen($message_content);
$lenght_after = strlen(strip_tags($message_content));
if($lenght_after < $lenght_before)
{
$spam = true; echo '<error message="'.$spamErrorMessage.'"/>';
}
}

but your code is simpler and i like it!

thanks! :D
Post Reply