ArizonaJohn Posted May 20, 2009 Share Posted May 20, 2009 Hello, The code below works great. It takes in a variable called "name" from a simple HTML form and creates a new table in a MySQL database called the variable "name." It allows the user to start a new table and name a new table. This is exactly what I want. However, I would like to prevent the user from creating new tables with pornographic names. I was thinking that it would require me to add an IF statement before the code below, something like if $_POST['name']= 'sex', 'porn', etc., but I'm not sure what action to implement if this condition is true. How could I do this? Thanks in advance, John <?php if (isset($_POST['name']) && !empty($_POST['name'])) { mysql_connect("mysqlv3", "username", "password") or die(mysql_error()); mysql_select_db("sand2") or die(mysql_error()); $table = mysql_real_escape_string($_POST['name']); $query = "CREATE TABLE `$table` (id INT(11) NOT NULL auto_increment, site VARCHAR(150) NOT NULL, votes_up BIGINT(9) NOT NULL, votes_down BIGINT(9) NOT NULL, PRIMARY KEY(id), UNIQUE (site))"; $result = mysql_query($query) or die(mysql_error()); } ?> Quote Link to comment Share on other sites More sharing options...
Masna Posted May 20, 2009 Share Posted May 20, 2009 <?php function check_porn_terms($input){ $porn_terms = array("porn", "sex", "tits", "cock", "penis", "vagina", "pussy", "itakeithard", "hard_cock", "really_hard_cock", "suckmydickbitch", "fuck", "me", "good"); //add terms here foreach($porn_terms as $term){ if(substr_count($input, $term) > 0) return false; } return true; } if (isset($_POST['name']) && !empty($_POST['name'])) { mysql_connect("mysqlv3", "username", "password") or die(mysql_error()); mysql_select_db("sand2") or die(mysql_error()); if(!check_porn_terms($_POST['name'])) die("No porn!"); $table = mysql_real_escape_string($_POST['name']); $query = "CREATE TABLE `$table` (id INT(11) NOT NULL auto_increment, site VARCHAR(150) NOT NULL, votes_up BIGINT(9) NOT NULL, votes_down BIGINT(9) NOT NULL, PRIMARY KEY(id), UNIQUE (site))"; $result = mysql_query($query) or die(mysql_error()); } ?> Quote Link to comment Share on other sites More sharing options...
ArizonaJohn Posted May 20, 2009 Author Share Posted May 20, 2009 Masna, Awesome, it works. And thanks for helping me get started on my library of porn terms to block! LOL -John Quote Link to comment Share on other sites More sharing options...
Masna Posted May 21, 2009 Share Posted May 21, 2009 Masna, Awesome, it works. And thanks for helping me get started on my library of porn terms to block! LOL -John Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.