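I want to add a feature to this chat system that should prevent profanity. I have already tried to implement the following code: How to block bad words upon form submit
But it doesn't work for me; maybe I didn't put it in the right place. Bad words should be changed to asterisks in the message before the message is put into the database.
Can someone explain the code to me and tell me what I can do?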
<?php
session_start();
if(!isset($_SESSION['username'])){
?>
<?php
exit;
}
?>
<html>
<head>
<title>Chat Box</title>
<!-- Mobile Optimization -->
<meta name="MobileOptimized" content="320">
<meta name="viewport" content="user-scalable=yes, width=device-width">
<meta http-equiv="cleartype" content="on">
<link rel="stylesheet" type="text/css" href="chat.css" />
<script type='text/javascript' src="http://code.jquery.com/jquery-1.11.2.min.js"></script>
<script>
function submitChat(){
if(form1.msg.value == ''){
alert('Enter your message!');
return;
}
$('#imageload').show();
var msg = form1.msg.value;
var xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function(){
if(xmlhttp.readyState==4&&xmlhttp.status==200){
document.getElementById('chatlogs').innerHTML = xmlhttp.responseText;
$('#imageload').hide();
}
}
xmlhttp.open('GET','insert.php?msg='+msg,true);
xmlhttp.send();
}
$(document).ready(function(e) {
$.ajaxSetup({cache:false});
setInterval(function() {$('#chatlogs').load('logs.php');}, 2000);
});
function pageScroll(){
$("html, body").animate({ scrollTop: $(document).height() }, "fast");
}
window.onload = function(){
setTimeout(function(){
$("html, body").animate({ scrollTop: $(document).height() }, "fast");
}, 4000);
};
</script>
</head>
<body>
<div class="header">
<div class="header_platz"></div>
<img src="png/home-50.png" class="header_home">
<span class="part_name">Globalchat</span>
<a href="info.php"><img src="png/info-50.png" class="header_info"></a>
<span class="loggedin">Logged in as: <b><?php echo $_SESSION['username']; ?></b></span>
</div>
<div id="imageload" style="display:none;">
<img src="1-0.gif" />
</div>
<div id="chatlogs">
LOADING CHATLOGS PLEASE WAIT... <img src="1-0.gif" />
</div>
<div class="chatbox">
<form name="form1">
<input name="msg" id="mes_msg" class="boxformal boxformal-cf" required placeholder="Message"></input>
<input type="submit" style="visibility:hidden" onClick="submitChat();pageScroll()" class="button"></input>
<a href="#" onClick="submitChat();pageScroll()" class="button">Send</a>
</form>
</div>
</body>
Edit: OK, this is the insert.php script:
@Jonathan Kuhn
<?php
session_start();
$uname = $_SESSION['username'];
$msg = $_REQUEST['msg'];
$con = mysql_connect("localhost", "--", "--");
mysql_select_db('chat',$con);
mysql_query("INSERT INTO logs (`username` , `msg`) VALUES ('$uname','$msg')");
$result1 = mysql_query("SELECT * FROM logs ORDER by id ASC");
while($extract = mysql_fetch_array($result1)){
echo "<span class='uname'>" . $extract['username'] . "</span>: <span class='msg'>" . $extract['msg'] . "</span><br>";
}
?>
Answer 0 (score: 0)
Here is the new insert.php. I added the bad word filter, switched it to use mysqli (which will prevent SQL injection) and secured it a bit.
<?php
session_start();
$uname = $_SESSION['username'];
$msg = $_REQUEST['msg'];
$db = new mysqli("localhost", "user", "pass", "chat");
if($db->connect_errno > 0){
die("Unable to connect to database: " . $db->connect_error);
}
//the list of words to check.
$badWordList = array(
'test1',
'test2'
);
//loop over each bad word
foreach($badWordList as $k=>$bad){
//escape the bad word for use in a regex, including the "/" delimiter
$pattern = '/\b'.preg_quote($bad, '/').'\b/i';
//replace each bad word
$msg = preg_replace($pattern, str_repeat('*', strlen($bad)), $msg);
}
//call html entities to prevent html from being entered
$msg = htmlentities($msg, ENT_QUOTES);
//create a prepared statement
$stmt = $db->prepare("INSERT INTO logs (`username` , `msg`) VALUES (?,?)");
//bind the username and message
$stmt->bind_param('ss', $uname, $msg);
//run the query to insert the row
$stmt->execute();
//get all the entries from `logs`
if($result = $db->query("SELECT `username`,`msg` FROM `logs` ORDER by `id` ASC")){
//loop over the result and echo out the chat
while($row = $result->fetch_assoc()){
echo "<span class='uname'>" . $row['username'] . "</span>: <span class='msg'>" . $row['msg'] . "</span><br>";
}
} else {
die("There was an error retrieving the chat records: " . $db->error);
}
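Some notes:
\b boundary characters, then "food" would become "*** d". It is up to you how to handle that. This is meant to be a simple first line of detection. Nothing can replace having someone moderate the chat and take action. You can make your filter more advanced, but it gets complicated, and the trade-off against simplicity is not worth it.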
Answer 1 (score: -1)
//before send
var regex = /\b(please help me|bad words)\b/gi; //g flag: replace every occurrence, not only the first
msg = msg.replace(regex, "***");
//finally
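The whole-word matching that both answers rely on, as an added example that is not part of either answer. It goes slightly beyond them by compiling the list into one pattern, masking every occurrence at its own length, and exposing a toggle that shows what dropping `\b` does. The names `BAD_WORDS`, `escapeRegExp`, `buildPattern` and `censor` are hypothetical and the word list is constructed.

```javascript
// Added example; all names and the word list below are illustrative assumptions.
const BAD_WORDS = ['test1', 'test2', 'foo']; // constructed sample list

// Escape regex metacharacters so a list entry is always matched literally.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Compile the list into one case-insensitive, global pattern.
// Longer entries go first so an entry that is a prefix of another
// cannot win the alternation when boundaries are switched off.
function buildPattern(words, wholeWords) {
  const alt = words
    .slice()
    .sort((a, b) => b.length - a.length)
    .map(escapeRegExp)
    .join('|');
  return new RegExp(wholeWords ? `\\b(?:${alt})\\b` : `(?:${alt})`, 'gi');
}

// Replace each match with asterisks of the same length as the match.
// wholeWords=true keeps the \b boundaries; false matches inside longer
// words too, which is the over-blocking case the first answer warns about.
function censor(msg, words, wholeWords = true) {
  if (words.length === 0) return msg; // empty list: nothing to filter
  return msg.replace(buildPattern(words, wholeWords), (m) => '*'.repeat(m.length));
}

// Caveat: JavaScript's \b only treats [A-Za-z0-9_] as word characters,
// so an accented letter next to a listed word still counts as a boundary.
console.log(censor('This is Test1 and test2!', BAD_WORDS));
console.log(censor('food', BAD_WORDS, true), censor('food', BAD_WORDS, false));
```

A filter that runs only in the browser is skipped by any request sent straight to insert.php, so the same check belongs on the server before the INSERT, as in answer 0.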