在mysql插入查询中阻止攻击性词语,阻止链接等?

时间:2013-05-01 10:31:57

标签: php html mysql

我正在运行一个mysql插入查询,这个想法是用户可以向用户个人资料提交评论,但我想知道是否有办法可以阻止攻击性词语,链接并防止人们通过博客链接发送垃圾邮件的方式等

我会使用php if语句来忽略这些关键字; “f * ck”等,我觉得这样的问题唯一的问题是我必须在ignore语句中包含所有单词,

或者我会在我的mysql中包含一些内容,无论哪种方式我想阻止所有链接插入到表单中,

可以给我一些指导并告诉我如何做到这一点,谢谢

HTML:

<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<textarea name="review_recipient" id="review_recipient" maxlength="180" cols="33" rows="5" style=""></textarea><label style="">Who is the Review from?</label>
<br/>
<textarea name="review_content" id="review_content" maxlength="180" cols="33" rows="5" style=""></textarea>
<label style="">Say Something...</label>

<input name="add_review" type="image" src="http://www.playtimeboys.com/assets/img/icons/save-edit.png" BORDER="0" ALT="SUBMIT!"class="review_submit4" /></form>

PHP / MySQL的:

<?php ob_start(); ?>
     <?php 
    // check if the review form has been sent
    if(isset($_POST['review_content']))
    {
        $content = $_POST['review_content'];
            //We remove slashes depending on the configuration
            if(get_magic_quotes_gpc())
            {
                    $content = stripslashes($content);
            }
            //We check if all the fields are filled
            if($_POST['review_content']!='')
            {


                {
                $sql = "INSERT INTO ptb_reviews (id, from_user_id, to_user_id, content) VALUES (NULL, '".$_SESSION['user_id']."', '".$profile_id."', '".$content."');";
                mysql_query($sql, $connection);

                $_SESSION['message']="<div class=\"infobox-wallpost\"><strong>Thank You</strong> - Your review has been sent and is awaiting approval.</div><div class=\"infobox-close4\"></div>"; 
    header("Location: {$_SERVER['HTTP_REFERER']}");

    } } } } ?>

2 个答案:

答案 0 :(得分:1)

$blocked_words="test1,test2,test3,test4";//list of offensive word
$review_from_user ="Your reviews test2 is following hello test1"; //review from user 


$blocked_words_expo = explode(",", $blocked_words);  

foreach($blocked_words_expo as $rmv)
{
    if(strpos($review_from_user,$rmv)==true)
    {
        $review_from_user = str_replace($rmv,'',$review_from_user); 
    }
}
echo $review_from_user;

//and then insert $review_from_user

答案 1 :(得分:0)

您可以尝试从坏词表中获取值。如下所示

$blocked_words=array();
$q="select words from block";
$rs=mysql_query($q);
while($rd=mysql_fetch_object($rs))
{
$blocked_words[]=$rd->words;
}
$string_words=explode(" ", $_POST['review_content']);  
$result = array_intersect($blocked_words, $string_words);

通过上面的代码,您将从“阻止”表中获取所有单词到$ blocked_words。您可能需要根据需要进行更改

相关问题
最新问题