A Problem with Sanitize Message?

wadboram

I have added the below code to my the top of my sendmessage.php file to prevent users in my site to share emails and URLs but this doesn't work.
What could be wrong with the code? Should I call the functions anywhere ?

function sanitize_message( $message , $email = true, $numbers = true, $url = true )
{
$message = strip_tags( $message );

if($email)
{
//strip email address
$email_regexp = "[_A-Za-z0-9-]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*(\.[A-Za-z]{2,3})";
$message = ereg_replace($email_regexp, '', $message);
}



//eliminate url from message
if($url)
{
$url_regexp = "(https?://)?(www\.)?([a-zA-z0-9\.])*[a-zA-Z0-9]*\.[a-z]{2,3}";
$message = ereg_replace($url_regexp, '', $message);
}

//eliminate all the bad words
$bad_words = array("skype", ".net", ".com", "org", "biz", "@", "yahoo.com", "gmail", "hotmail", "mail", "e-mail", "msn", "dot",);
$message = str_ireplace($bad_words, '', $message);

return $message; }

bradgrafelman

wadboram;10990213 wrote:
What could be wrong with the code?

Well for one, it's trying to do something that is already pretty much impossible by going about it all the wrong way. Do you really think that simply removing the words "dot" or "mail" is going to do anything other than frustrate the users who are trying to actually use those words while amusing those who easily sidestep your censor?

wadboram;10990213 wrote:
Should I call the functions anywhere ?

Which "functions" ? Also, how are you using this sanitize_message() function?

wadboram

My site is a microjobs site and users sometimes share personal details to finalize sales and bypass the site.

I added the previous code early in the sendmessage.php file that is responsible for sending messages between members.

bradgrafelman

wadboram;10990220 wrote:
My site is a microjobs site and users sometimes share personal details to finalize sales and bypass the site.

Great, but that doesn't really address either concern I mentioned above. Preventing people from ever using the word "dot" isn't going to stop someone who actually wants to bypass the filter and provide their e-mail address. My argument was that your censor mechanisms are doing way more harm than they could possibly do good.

wadboram;10990220 wrote:
I added the previous code early in the sendmessage.php file that is responsible for sending messages between members.

Okay, but again that doesn't show us how you're actually using that function. Or are you actually only defining a function and expecting PHP to magically use it at the appropriate time on its own?