How To Filter Certain Words From Textareas/database

[CoreDestroyer]

I have this textarea, well, registration to be exact. I was wondering if there is a way to filter certain words from getting into the database when signing up. Things such as spaces and inappropriate/bad words. I only have 3 fields at the moment, which are

 

$username

$password

$email

 

Is there any way to filter those? Thanks in advance.

[Barand]

$badwords = array('microsoft', 'asp', '.net');

$clean = str_replace ($badwords, '', $originalText);

Edited October 11, 2012 by Barand

[CoreDestroyer]

$badwords = array('microsoft', 'asp', '.net')

$clean = str_replace ($badwords, '', $originalText);

 

I'm guessing I just put that in my code and it'll automatically clean it up?

[MDCode]

str_replace will replace all words associated within $badwords with nothing. If you wish to replace them with certain text, use the second parameter of str_replace and add whatever you want displayed. If you wish to filter words simply edit/add to what barand has shown

Edited October 11, 2012 by ExtremeGaming

[CoreDestroyer]

str_replace will replace all words associated within $badwords with nothing. If you wish to replace them with certain text, use the second parameter of str_replace and add whatever you want displayed. If you wish to filter words simply edit/add to what barand has shown

 

Well thank you very much! One last thing, does this count for spaces? I want to remove that from usernames as well.

[MDCode]

I'm not sure on that one as I've never attempted it. You could try a simple space between: --> ' ' <-- as shown. If not idk

[CoreDestroyer]

I'm not sure on that one as I've never attempted it. You could try a simple space between: --> ' ' <-- as shown. If not idk

 

Ok, thanks anyway!

[Barand]

<?php
$username = "abc microsoft uses aspx with .net";

$badwords = array('microsoft', 'asp', '.net', ' ');

$clean = str_replace ($badwords, '', $username);

echo $clean;    // --> abcusesxwith
?>

[Christian F.]

I would never silently edit user input like this, especially not for things such as usernames, e-mail addresses and such! (Profanity filters is something else.)

 

What you should do, is to use the ctype_* () functions to validate the input according to certain rules. These rules should clearly define what input you expect to be given by the user, and show a warning if anything falls outside of these rules. This is commonly known as "input validation", and there's whole lot of information about this on the net. Some good, but unfortunately a lot of bad stuff too.

You should also learn about "output escaping", which is a completely separate concern from input validation, but they're almost always both employed in the same code. Unfortunately that has lead some people to mix them, and treat them as the same. This include people a lot of who have written "security tutorials", which means you might have to search a bit to find some good ones.

[Pikachu2000]

<?php
$badwords = array('microsoft', 'asp', '.net', ' ');

 

LOL. Excellent.