Name Filter

Arc

Is there a name filter algorythm out there that filters out obscene names? Or do i have to use a 1,000 if statements?

For example if someone tried to register a name like xxSh!txx i would want to kick it out.

Also i would like to keep out characters like `~@#$%^{&*()-+=[]{}|;:"<>,.?/} etc... and other odd characters like Å√ Ã etc...

Isnt there some ascci thing where i can go if keyascci not between this number and that number then error?

mahers

I'm not sure on the name filter, but to disallow special characters you can use preg_match.


$string = "@$Monk3y";

if(!preg_match('/[A-Za-z0-9_]/',$string)) {
   echo "error";  

}
else {
  echo "everything is A.OK";
}

This will only allow characters within the square brackets, which in this case is all upper/lower case alpha characters, numeric characters and underscores.

xblue

yes, I agree preg_match() will be an efficient way to do this, but the above statement would always be true as long as there is at least one letter, digit or underscore found in the string, which is probably not what was intended.

turn it the other way round:

if (preg_match('/[^A-Za-z0-9_]/',$string)) {
   echo "special character error";  

}

the badwords list, you could do it with preg_match(), too, like this:

// dummy array
$badwords = array('badword1', 'badword2', 'badword3');

$pattern = implode('|', $badwords);
if (preg_match("/$pattern/i", $string) {
   echo "badword error";  

}

Arc

Cool xblue i had just tried the first example and did indeed notice i was always getting a true result.. I also tried preg_match_all to no avail.

I'm gunna give your example a shot now😃 Thanks!

Arc

Yep works a treat thanks again!

phplearner

xblue:

Very helpful code. Do you know how this could be done by reading in a list of 'badwords' from a 'badwords' table/column in a MySQL DB?

Thanks in advance.

xblue

doesn't matter much where the array is coming from, can be a flat file or a database or anything (actually wouldn't need to be an array, the crucial thing is to get all elements concatenated separated by a vertical bar).

$sql = "SELECT column FROM table";
$result = mysql_query($sql) or die(mysql_error());
while ($row = mysql_fetch_assoc($result)){
    $badwords[] = $row['column'];
}

phplearner

Hello, xblue:

Thanks for your reply.

Well, if I wanted to check the text of a 'text' field input like $text and if any of the 'badwords' in the dB table are found, to substitute a " " (blank space) or maybe an "*" (asterisk) instead, how would I go about this?

The critical need is to take care of any derivations of the 'bad word' like:

badword = 'dern'

and to catch 'derned' or 'derning' , etc., etc.

I think this could be a very useful thing for many others too. Perhaps it could be put into some kind of 'function' ?

Sorry I am so new to PHP but trying to learn & incorporate some of these things as I go along.

phplearner

Well, I tried to make a whack at this but am now stuck!

$sql = "SELECT column FROM table";
$result = mysql_query($sql) or die(mysql_error());
while ($row = mysql_fetch_assoc($result)){
$badwords[] = $row['column'];

$pattern = implode('|', $badwords[]);
if (preg_match("/$pattern/i", $text) {
$text = ????unknown???? ;  
}

}

BTW, exactly how do you Post your PHP code so that it shows formatted in colors so nicely???

Thank you.

xblue

okay, step by step ...

1) to enable syntax highlighting, enclose your php code in [php] [/php] tags.

2) you need to get the logic of the code (and some syntax basics). first you put the array together. and you close the while loop with a }.
only after that you implode the array into a string with implode(). implode() takes the array as argument, no square brackets here.

3) the regular expression doesn't regard word boundaries, so 'derned' or 'derning' would be matched as well anyway, but 'xxxdernxxx' would be matched, too.

4) replacing each character with something isn't easy with this approach.
you could always use e.g. 4 , may be easiest.
or instead of imploding you could use the array in preg_replace (it can take arrays as argument instead of strings), and create another array for the replacement argument (possibly using strlen() and str_repeat() to create a sequence of of the same length).

phplearner

Hello xblue:

Thanks for all the detailed info. This is gonna take me a while to work on!

RE:

replacing each character with something isn't easy with this approach. you could always use e.g. 4 *, may be easiest

Oh, I think I miscommunicated. I meant just replace any 'badword' (in total) with either " " or "*" ... not each letter :-)

Not sure what you mean by use "e.g. 4 *" ... what is that?

Thanks.

xblue

oh, forget it if you just want one asterisk.
I was thinking of a sequence of e.g. 4 asterisks, like
"good text, **** text, good text again."

phplearner

Ugh!

I created a tiny test 'badwords' DB:

=========================

-- DATABASE = bwfilter
DROP DATABASE if exists bwfilter;
CREATE DATABASE bwfilter;

-- TABLE = badwords
drop table if exists badwords;
CREATE TABLE badwords (
ID int not null auto_increment primary key,
badword varchar(30) not null
);

INSERT INTO badwords SET
badword='dern'
;

INSERT INTO badwords SET
badword='carp'
;

INSERT INTO badwords SET
badword='yowl'
;

=========================

And I've tried putting this all together, but just can not figure out what is causing the Error on LINE 23 ... or exactly what to do if I simply want to further process $text (once any 'badword(s)' may have been removed:

<?
?>
<html>
<head></head>
<body>
<?
if (isset($_POST['submit'])) {
$text = $_POST['text'];
echo "$test"; // For Testing
$dbcnx = @mysql_connect('localhost', 'me', '');
mysql_select_db('bwfilter');

$sql = "SELECT badword FROM badwords"; 
$result = mysql_query($sql) or die(mysql_error()); 
while ($row = mysql_fetch_assoc($result)){ 
$badwords[] = $row['badword']; 

if(!$result) {
echo "Query not executed successfully.";
exit;
} // end if $result

$pattern = implode('|', $badwords[]);   // LINE 23 ERROR
if (preg_match("/$pattern/i", $text) {
   echo "badword error";  

} // end if $pattern
} // end isset
?>
<form action="<?=$_SERVER['PHP_SELF'];?>" method="post">
<p>Enter Some Text:<br>
Text: <input type="text" name="text" size="20" maxlength="50"><br><br>
<input type="submit" name="submit" value="SUBMIT"></p>
</form>
</body>
</html>
<?
?>

"Help!" - Thanks.

xblue

look at my previous post and the first example:
"implode() takes the array as argument, no square brackets here."

$pattern = implode('|', $badwords);

also watch your curly brackets, I count 4 opening and 3 closing. make sure you close the while loop.

phplearner

I nuked several of my previous posts as have made substantial headway hacking around.

This will now replace the 1st 'dern' badword with a smilie text.

However, it won't work on the 2nd or 3rd word in my test DB, and get the following error in every case:

Fatal error: [] operator not supported for strings on line 32

Obviously, I don't understand how to handle this situation ... any help is greatly appreciated. This thing is sooooo close to working!

Thank you.

<?
?>
<html>
<head></head>
<body>
<?
  function filterwords($test, $replacewith=":-)") {  

    global $allwords;  

    global $badwords;
	global $text;
    $badwords = implode("|", $badwords);   

    $allwords = explode(" ", $text);   

    for($j=0;$j<count($badwords);$j++) {   

      for($i=0;$i<count($allwords);$i++) {   

	    if(is_int(strpos(strtolower($allwords[$i]), $badwords[$j]))) {      

          $text = eregi_replace($allwords[$i], $replacewith, stripslashes($text)); 
        }   

      }   

    }   

    return $text;   

  } 

if (isset($_POST['submit'])) {  // start isset if
$text = $_POST['text'];
echo "Original Text: $text<br>"; // For Testing
$dbcnx = @mysql_connect('localhost', 'me', '');
mysql_select_db('bwfilter');

$sql = "SELECT badword FROM badwords"; 
$result = mysql_query($sql) or die(mysql_error()); 
while ($row = mysql_fetch_assoc($result)){  // start $sql if
$badwords[] = $row['badword']; 

if(!$result) {  // start $result if
echo "Query not executed successfully.";
exit;
} // end if $result

$text = filterwords($text,":-)");   

echo "Filtered Text: $text";   

} // end $sql if
} // end isset if
?>
<form action="<?=$_SERVER['PHP_SELF'];?>" method="post">
<p>Enter Some Text:<br>
Text: <input type="text" name="text" size="30" maxlength="30"><br><br>
<input type="submit" name="submit" value="SUBMIT"></p>
</form>
</body>
</html>
<?
?>

xblue

the only thing you need is some understand what the code you write is doing, I think.

again, for the version using regular expression (which I find more concise), it is really simple.

// assuming connection and all that is done
$sql = "SELECT badword FROM badwords"; 
$result = mysql_query($sql) or die(mysql_error()); 
while ($row = mysql_fetch_assoc($result)){  // start $sql if(??? it's not if, it's while)
$badwords[] = $row['badword']; 
} // you need to close the while loop here!


$pattern = implode('|', $badwords);   // remove the square brackets
echo preg_replace("/$pattern/i", ':-)', $text);

phplearner

xblue:

THANK YOU...it works...you are a GENIUS 😃

Sorry for the delay in responding. Been sick & swamped with non-computer stuff.

Umh, I just got an idea that it might be cool to try and figure out how to put this into a 'function' ... to simplify checking 5 or 10 'text' input fields on a form. !

If you have any ideas on how to make it work for ALL derivations of a 'badword' that would also be greatly appreciated.

Like, if the 'badword' in the db is 'dern' ... that it would also nuke 'derning' ... 'underned' ... etc.

I'm thinking maybe I could assign a variable to switch between just nuking the strict 'badword' OR to have it nuke derivations if desired.

So many possibilities with this thing!!!

Regards,

xblue

Hi phplearner,

really long ago, but glad you figured it out.

Like, if the 'badword' in the db is 'dern' ... that it would also nuke 'derning' ... 'underned' ... etc.

the regex should be doing this automatically since we do not care for word boundaries, or doesn't it?

phplearner

Originally posted by xblue

the regex should be doing this automatically since we do not care for word boundaries, or doesn't it?

Nope...it does not catch the derivations, so still up a creek here.