[RESOLVED] not allowing words in string

DKY

I have a text area that I input into a mysql database (in essence it's somewhat of a makeshift guest book). The problem is that I keep getting spammed so I was thinking, is there a way to run the info from the text area through a check that would check if certain words from another file (maybe say, a txt file) are in it and if they are then don't allow the post to take place?

NogDog

Yes, there's a way. You could use [man]file/man to read your text file and [man]preg_match/man or [man]stripos/man to look for matching words.

Scriptmaker

if you're already using a database, just add another table of bad words. Then use an explode function on the string and loop through the resulting array, checking the table every time to see if it is a bad word. Might be a little slow, so I'm sure someone with more experience will think of something faster, but that's what I would do.

MarkR

Spammers will find a way around any lexical filtering you do, or it will have false positives and annoy your users. Your best bet is:

rate-limit the rate at which submissions or attempts can be made (from a particular IP address if you like)
Make a usable interface which allows the admin to efficiently bulk delete spam
Don't publish unapproved records

These won't stop spam, but they will make it easier to delete.

A CAPTCHA is another solution, but it is excessively annoying to your users - avoid it unless you are Google Mail.

Some structural changes to the form submission page may make things harder for the lame-bots (it won't stop all of them, but it might stop some extremely lame ones) - such as placing hidden fields whose values are checked, or things to try to confuse a lamebot's HTML parser such as commented-out hidden fields.

Mark

DKY

Okay, so here's where I'm at. If I put in this code and my .txt file in the same directory it works like a charm. If I put in one of the words and hit the submit button it doesn't allow a submission. For example, I put in "HTTP://" in my list of not allowed words cause realistically speaking I don't want anyone posting any websites. So if I put "http://" and hit the submit button the submission is not allowed. If I put in a website "http://mysite.org" it allows the submission and I can't figure out how to get it to not allow the submission. Help?

$BadWordsListing = file('BadWords.txt');

$CommentBoxForBadWords = strtoupper($_POST["Entry"]);

$has_bad_words = false; 

for ($i = 0; $i < count ($BadWordsListing) && $has_bad_words == false; $i++) { 
    if (stristr ($BadWordsListing [$i], $CommentBoxForBadWords) !== false) $has_bad_words = true; 
} 

if ($has_bad_words) {
    // Don't process 
} 
else {

DKY

This works beautifully, thanks!

if (stristr ($CommentBoxForBadWords, trim($BadWordsListing [$i])) !== false) 
        $has_bad_words = true;