I have a language check on my website that will compare the user's input with bad words that are stored in a table. Eregi or strpos works if I specify the word I'm searching for -
$test = strpos($thestring, "badword"); //this works.
if(eregi("badword", $thestring"){}//this works.

I need to use a query to compare the badwords that are stored in a table, so I wrote the following:
$sql="
select *
from words
";
$result = mysql_query($sql) or die (mysql_error());
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
$test = strpos($thestring, $row['word']);
or
if(eregi($row['word'], $thestring))
}

The query works correctly, that is for sure. I've tried added quotes and assigning the $row['word'] to a variable, nothing works after hours of trying. I just want to see if the bad word is found in the string. Any ideas?
Thank you.

    is that the complete code? if so you are missing some stuff.

      $sql="select * from words";
      $result = mysql_query($sql) or die (mysql_error());
      while($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
          if (!strpos($thestring, $row['word'])) {
              continue;
          } else {
              echo "The word $row['word'] is not allowed";
              exit;
          }
      }
      

        What stuff am I missing Drew? I included only the important parts of the code in the posting.

          Thank you for the code Hitman, but it did not work. It did the same thing my code does - doesn't find it. I think it has something to do with it being a variable in the strpos or eregi test. Like I orginally said, if I replace $row['word'] with a string such as "word", it will find the match if one exists in the table. I appreciate your efforts.

            i just made this, should be similar since its an array, just modify to be in the while loop instead of foreach..

            <?php
            
            $words = array('fuck', 'shit', 'damn', 'ass');
            
            $sentence = 'hello there this is so fucked man i cant beleive this shit!';
            
            foreach($words as $word) {
            	if (preg_match('/' . preg_quote($word) . '/i', $sentence, $match)) {
            		echo 'bad word found!  you can\'t say ' . $match[1] . '!!!!!!';
                            exit;
            	}
            }
            
            ?>
            

              Thank you Drew, but unfortunately I am having the same problem as before. I have 1000 words in the table and want to search for each one. Your code, and the code I have included works great when the word to search for is manually coded like:
              $words = array('fuck', 'shit', 'damn', 'ass');
              I built a dynamic array from the query results, but no luck. $array printed out on the screen as "array('fuck', 'shit', 'damn', 'ass')", so I used the expression $words = $array;, which did not work either.

              I also built an array with a key value, $counter, which didn't work as seen in the code below. If I use $array = array('shit', 'fuck', '420'); as also seen in this code, all three tests find the word. I don't understand why searching for a variable specified word doesn't work; it only works if the work being searched for is actually coded into the page. ??? Thanks again!

              $thestring = "666 fuck shit cock 420";

              	$sql="
              	select word
              	from words
              	";
              	$result = mysql_query($sql) or die (mysql_error());
              	$counter = 0;
              	while($row = mysql_fetch_array($result, MYSQL_ASSOC))
              		{
              					$fword = strtolower($row['word']);
              					$array[$counter] = $fword;
              					$counter++;
              		}//end while

              //$array = array('shit', 'fuck', '420');
              foreach($array as $word)
              {
              if (preg_match('/' . preg_quote($word) . '/i', $thestring, $match))
              {
              echo 'bad word found! you can\'t say ' . $match[0] . '!!!!!!';

              		} 
              
              	 $test = strpos($thestring, $word);
              		{
              			if($test === false)
              				{
              				}
              			else
              				{
              					print "word was found with strpos - $word";
              				}
              		} 
              
              	 if(eregi($word, $thestring)) 
              		{
              			print "word found with eregi - $word";
              		}
              exit;

              }

                I gave in and put the badwords into the code instead of using the database table. I printed out all the words to the screen in an acceptable format for an array: 'shit', 'fuck', etc.... I copied all of them and pasted into the code. It works. Thank you all for your help.

                  Wouldn't something like
                  SELECT word FROM words WHERE '$thestring' LIKE CONCAT ('%', word, '%')
                  have been what you were originally looking for?

                  Btw, if you test for your badwords one by one, like in Drew's suggestion and your last code, a simple string function like stristr may be more appropriate than regex functions, I think.

                    Write a Reply...