eregi, strpos don't work with query result

knford

I have a language check on my website that will compare the user's input with bad words that are stored in a table. Eregi or strpos works if I specify the word I'm searching for -
$test = strpos($thestring, "badword"); //this works.
if(eregi("badword", $thestring"){}//this works.

I need to use a query to compare the badwords that are stored in a table, so I wrote the following:
$sql="
select *
from words
";
$result = mysql_query($sql) or die (mysql_error());
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
$test = strpos($thestring, $row['word']);
or
if(eregi($row['word'], $thestring))
}

The query works correctly, that is for sure. I've tried added quotes and assigning the $row['word'] to a variable, nothing works after hours of trying. I just want to see if the bad word is found in the string. Any ideas?
Thank you.

drew010

is that the complete code? if so you are missing some stuff.

hitman6003

$sql="select * from words";
$result = mysql_query($sql) or die (mysql_error());
while($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
    if (!strpos($thestring, $row['word'])) {
        continue;
    } else {
        echo "The word $row['word'] is not allowed";
        exit;
    }
}

knford

What stuff am I missing Drew? I included only the important parts of the code in the posting.

knford

Thank you for the code Hitman, but it did not work. It did the same thing my code does - doesn't find it. I think it has something to do with it being a variable in the strpos or eregi test. Like I orginally said, if I replace $row['word'] with a string such as "word", it will find the match if one exists in the table. I appreciate your efforts.

drew010

i just made this, should be similar since its an array, just modify to be in the while loop instead of foreach..

<?php

$words = array('fuck', 'shit', 'damn', 'ass');

$sentence = 'hello there this is so fucked man i cant beleive this shit!';

foreach($words as $word) {
	if (preg_match('/' . preg_quote($word) . '/i', $sentence, $match)) {
		echo 'bad word found!  you can\'t say ' . $match[1] . '!!!!!!';
                exit;
	}
}

?>

knford

Thank you Drew, but unfortunately I am having the same problem as before. I have 1000 words in the table and want to search for each one. Your code, and the code I have included works great when the word to search for is manually coded like:
$words = array('fuck', 'shit', 'damn', 'ass');
I built a dynamic array from the query results, but no luck. $array printed out on the screen as "array('fuck', 'shit', 'damn', 'ass')", so I used the expression $words = $array;, which did not work either.

I also built an array with a key value, $counter, which didn't work as seen in the code below. If I use $array = array('shit', 'fuck', '420'); as also seen in this code, all three tests find the word. I don't understand why searching for a variable specified word doesn't work; it only works if the work being searched for is actually coded into the page. ??? Thanks again!

$thestring = "666 fuck shit cock 420";

	$sql="
	select word
	from words
	";
	$result = mysql_query($sql) or die (mysql_error());
	$counter = 0;
	while($row = mysql_fetch_array($result, MYSQL_ASSOC))
		{
					$fword = strtolower($row['word']);
					$array[$counter] = $fword;
					$counter++;
		}//end while

//$array = array('shit', 'fuck', '420');
foreach($array as $word)
{
if (preg_match('/' . preg_quote($word) . '/i', $thestring, $match))
{
echo 'bad word found! you can\'t say ' . $match[0] . '!!!!!!';

		} 

	 $test = strpos($thestring, $word);
		{
			if($test === false)
				{
				}
			else
				{
					print "word was found with strpos - $word";
				}
		} 

	 if(eregi($word, $thestring)) 
		{
			print "word found with eregi - $word";
		}
exit;

}

knford

I gave in and put the badwords into the code instead of using the database table. I printed out all the words to the screen in an acceptable format for an array: 'shit', 'fuck', etc.... I copied all of them and pasted into the code. It works. Thank you all for your help.

xblue

Wouldn't something like
SELECT word FROM words WHERE '$thestring' LIKE CONCAT ('%', word, '%')
have been what you were originally looking for?

Btw, if you test for your badwords one by one, like in Drew's suggestion and your last code, a simple string function like stristr may be more appropriate than regex functions, I think.