Page 1 of 1
badWords array and preg_match
Posted: Mon Feb 28, 2011 4:01 pm
by gd77
Hello:
consider the following:
tye1:
$badwords=array('word1','word2');
type2:
$badwords="word1|word2";
$txt="some text...";
eregi is deprecate we can use preg_match or preg_grep well both of them not working with me.
if you can help, I ll be thankfull.
Thanks.
Re: badWords array and preg_match
Posted: Mon Feb 28, 2011 4:11 pm
by AbraCadaver
Can't use an array for the pattern, it needs to be a string. You need delimiters, and maybe the
i modifier for case insensitivity:
And you might want a word boundary so it won't match p
assive etc.
If you want to use an array for some reason then implode() it with |.
Re: badWords array and preg_match
Posted: Mon Feb 28, 2011 4:12 pm
by John Cartwright
Don't forget to use preg_quote() on each word to escape any harmful characters.
Re: badWords array and preg_match
Posted: Mon Feb 28, 2011 9:02 pm
by gd77
so Basically this should work?
$txt="hi how r u jizz, yed";
$badWords='jizz|yed';
$badWords1 = preg_quote($badWords);
if(preg_match('/^\b'.$badWords1.'\b+$/i', $txt)){
echo "worked<br>";
}
getting Warning: Compilation failed: nothing to repeat at offset.
Re: badWords array and preg_match
Posted: Tue Mar 01, 2011 10:27 am
by AbraCadaver
I gave you the pattern and you have arbitrarily added things to it which is why it doesn't work. Don't use preg_quote(). You only need this when you are using raw data. It will escape needed characters in your pattern like | so don't use it.
Probably:
Code: Select all
preg_match('/\b('.$badWords1.')\b/i', $txt);
Re: badWords array and preg_match
Posted: Tue Mar 01, 2011 11:50 am
by Jonah Bron
How about this?
Code: Select all
$isTainted = false;
for ($words as $word) {
if (stripos($text, $word) !== false) {
$isTainted = true;
break;
}
}
No regular expression matching, and stops as soon as it gets a positive. Not sure if it's really faster though, I'd have to do a performance test. It's advantage is probably variable.
Re: badWords array and preg_match
Posted: Tue Mar 01, 2011 11:51 am
by John Cartwright
AbraCadaver wrote:I gave you the pattern and you have arbitrarily added things to it which is why it doesn't work. Don't use preg_quote(). You only need this when you are using raw data. It will escape needed characters in your pattern like | so don't use it.
Probably:
Code: Select all
preg_match('/\b('.$badWords1.')\b/i', $txt);
Why wouldn't you want to use preg_quote()? What if a word was added in the future that may have a character that will break the pattern?
And lastly, you want to apply preg_quote() to each individual word, not the combined words.
I.e.,
Code: Select all
$badWords = array('jizz', 'yed');
$badWordsPreg = implode('|', array_map('preg_quote', $badWords));
if(preg_match('/\b'. $badWordsPreg .'\b+$/i', $txt)){
echo "worked<br>";
}
Notice I removed the ^ in the pattern, since this would only match if the bad words appeared at the beginning of the pattern.
Re: badWords array and preg_match
Posted: Tue Mar 01, 2011 11:54 am
by Jonah Bron
Or if you go the regex route, it'd be better to put the words into an array, preg_quote(), then implode().
Code: Select all
$words = array('word1', 'word2');
$words = array_map('preg_quote', $words);
$words = implode('|', $words);
// match...
Edit: oops, you beat me to it John

Re: badWords array and preg_match
Posted: Tue Mar 01, 2011 1:36 pm
by gd77
Thanks Jonah, worked great, array_map was the missing piece

.
Thanks to you all too
