Page 1 of 1

spam protection: detect html tags or match patterns

Posted: Thu Mar 11, 2010 9:57 am
by lauthiamkok
Hi,

This is what I can think of to detect spams from injecting into my database,

Code: Select all

$SpamError = "Malicious code content detected. Your IP Number of ".getenv("REMOTE_ADDR")."has been logged.";
 
if (preg_match("/a href/i", "$message_content")) {
  $spam = true; 
  echo '<error message="'.$SpamErrorMessage.'"/>'; 
}
the idea is to match if <a href> exist, if it does, then it is a spam.

what if I have more patterns that I want to check, like <img> tags? how should I rewrite this code?
preg_match("/a href/i", "$message_content");
but I think the best way is to detect if there is any html tag exist, then it must be a spam. how do I write the code to detect html tags from the input...?

Many thanks,
Lau

Re: spam protection: detect html tags or match patterns

Posted: Thu Mar 11, 2010 10:40 am
by AbraCadaver
Lots of ways to do this. Here is a simple one:

Code: Select all

if ($message_content != strip_tags($message_content)) {
  $spam = true;
  echo '<error message="'.$SpamErrorMessage.'"/>';
}

Re: spam protection: detect html tags or match patterns

Posted: Thu Mar 11, 2010 10:53 am
by lauthiamkok
AbraCadaver wrote:Lots of ways to do this. Here is a simple one:

Code: Select all

if ($message_content != strip_tags($message_content)) {
  $spam = true;
  echo '<error message="'.$SpamErrorMessage.'"/>';
}
this is a great idea! thanks. I have thought of counting the sting length in this way,

$lenght_before = strlen($message_content);
$lenght_after = strlen(strip_tags($message_content));
if($lenght_after < $lenght_before)
{
$spam = true; echo '<error message="'.$spamErrorMessage.'"/>';
}
}

but your code is simpler and i like it!

thanks! :D