Filtering out any web address in $_POST vars

[dk4210]

Hello Guys,

 

I want to be able to filter out any url in any of form $_POST vars? Would I do it with a foreach loop and the preg replace function?

 

I would consider any web address in my form spam. I would like to filter it out..

 

I'm already using

Strip tags, htmlentities, strip_tags, stripslashes & mysql_real_escape_string but they don't seem to filter out URLs..

 

Thanks for your help in advanced..

[betterphp]

I'm already using

Strip tags, htmlentities, strip_tags, stripslashes & mysql_real_escape_string but they don't seem to filter out URLs..

in what order ? You may be creating a security issue.

 

The method you described would work, although the regexp would be a tricky one to write

[dk4210]

Basically what I would like to do is some code in my filter to read all the post vars and if any contain something like http://www.spam.com or any web address to filter it out or do character replacement.

 

Here's my filter

 

function filter($data) {
    $data = trim(htmlentities(strip_tags($data)));

    if (get_magic_quotes_gpc())
        $data = stripslashes($data);

    $data = mysql_real_escape_string($data);
    
   return $data;
    
}

 

Here is my code calling the filter

 

// Grab all POST vars and run them through the loop and filter

    $_POST = array_map('strip_tags', $_POST); 
    array_walk_recursive($_POST, 'filter');
    extract($_POST,EXTR_SKIP);

 

Thanks for your help..

 

 

[betterphp]

$_POST = array_map('strip_tags', $_POST); 

no need for this line as your filter function does it anyway.

 

and its in that filter function that you want to do the preg_replace. The problem is http://www.spam.com can also be just spam.com which looks a lot like words. But if you google "url matching regex" you will get loads of expressions that match urls then you just use preg_replace

 

$data = preg_replace(EXPR, '', $data);

 

after the trim line in the filter() function.