This is what I can think of to detect spams from injecting into my database,
Code: Select all
$SpamError = "Malicious code content detected. Your IP Number of ".getenv("REMOTE_ADDR")."has been logged.";
if (preg_match("/a href/i", "$message_content")) {
$spam = true;
echo '<error message="'.$SpamErrorMessage.'"/>';
}what if I have more patterns that I want to check, like <img> tags? how should I rewrite this code?
but I think the best way is to detect if there is any html tag exist, then it must be a spam. how do I write the code to detect html tags from the input...?preg_match("/a href/i", "$message_content");
Many thanks,
Lau