[SOLVED] Simple swear filter

[Lyleyboy]

Hi all,

 

Trying to do a really simple swear filter. Don't need anything too fancy.

 

So far I have

<?php
include('../../includes/inc.conn.php');

function swear($string){
  
  $query = "SELECT word FROM bad_words"; 
  $result = mysql_query($query) or die(mysql_error());
    while($row = mysql_fetch_array($result)){
      $word = $row['word'];
      echo $word . "<br/>";
      $str = str_replace($word, "***", $string);
    }

  
  return $str;
}

$string_to_check = "shit cock";
echo $string_to_check;
echo "<br/>";
echo swear($string_to_check);


?>

 

This wont work but if I put $word = "cock"; instead of the row['word'] it works. Like the below.

 

<?php
include('../../includes/inc.conn.php');

function swear($string){
  
  $query = "SELECT word FROM bad_words"; 
  $result = mysql_query($query) or die(mysql_error());
    while($row = mysql_fetch_array($result)){
      $word = "cock";
      echo $word . "<br/>";
      $str = str_replace($word, "***", $string);
    }

  
  return $str;
}

$string_to_check = "shit cock";
echo $string_to_check;
echo "<br/>";
echo swear($string_to_check);


?>

 

Can someone tell me what's wrong. I can't see the difference.

[Psycho]

Does the swear word get displayed on the page in the first example from this line?

echo $word . "<br/>";

 

If not, are you sure the query returns any results and/or that the results have a column named 'word'?

 

In any event, the process above is not very efficinet and, worse, will make improper replacements. For example, this "shitzu dogs" would become this "***zu dogs". You need to use preg_replace(). Add all the bad words to an array as a regular expression using the word boundry metacharacter to find whole words, along with the case insensitive switch. This will ensure that only whole word matches are replaced.

 

<?php
include('../../includes/inc.conn.php');

function swear_filter($string)
{
  $words = array();
  $query = "SELECT word FROM bad_words";
  $result = mysql_query($query) or die(mysql_error());
  while($row = mysql_fetch_array($result)){
    $words[] = '/\b' . $row['word'] . '\b/i';
  }
  return preg_replace($words, '***', $string);
}

$string_to_check = "My shitzu took a Shit on the carpet.";
echo swear_filter($string_to_check);

//Assuming the word 'shit' is in the db results
//Output: "My shitzu took a *** on the carpet"
?>

[Lyleyboy]

Superb, that works.

 

The word is in the query and it replaces it nicely.

 

I did think about the part word replacement issue. Didn't have the faintest idea of how to do it.

I was thinking about wrapping everything so that I could find full words. Shoddy job I know.

[Lyleyboy]

So, that worked a treat.

 

To help me better understand would you be able to tell me why my version didn't work?

 

I understand it wasn't the best in any case but logically it looked ok.

[Psycho]

At first I didn't see anything, but on second look I can see two things that would cause it to fail:

 

1. Character case: if the case of the word in your database didn't match the case of the word in the text, it wouldn't be replaced

 

2. Incorrect logic in your loop. You start with the variable "$string". Then on the first pass you define the variable $str using str_replace() on $string. So, $str would have the replacement of the first bad word. But, on the next pass you would be doing a str_replace() again on $string (the original text) so you would have lost any replacement from the first pass. So, in the end you would ONLY get the result of the last word processed against the original $string value.