STRPOS Command and Punctuation

I have a form on my site. Hackers are using scripts to fill it out. The generally have punctuation in the field. (ex: Nice Site! or Can We Meet?)

I want to have the form recognize the punctuation, then send the hacker to another page (a fake page, heh-heh).

I know it is the STRPOS command, but I am not getting it to work right:

Here is the part of the script so far:

// Punctuation Hackers use
$punctuation = '\'"<>;:%$@~`_=+|}{[]?*^';

// $title1 is the field they fill out on the form
$hacker = strpos($title1, $punctuation);

if ($hacker == false)
{
// Then do this
}

else {
//DO THIS INSTEAD
}

It isn't working. What do I have wrong?

"strpos()" matches the whole needle string, not just any one of the characters.

You could use "strcspn():

if (($len = strcspn($title1, $punctuation)) == strlen($title1)) {
    echo 'ok' . '<br />';
} else {
    echo 'not ok' . '<br />';
}