4

I wonder if someone could please help. I am running a MySQL insert query, so when a user fills in a form it inserts the content into the database. However, I am trying to make it so that I can remove/block links (URLs) from being inserted.

I am trying this, but I'm new to MySQL and am not able to get it working. I'm not sure I'm doing it right; I'd be grateful if someone could help.

Thanks in advance,

<?php ob_start(); ?>
 <?php 
// check if the review form has been sent
if(isset($_POST['review_content']))
if(isset($_POST['review_recipient']))
{
    $content = $_POST['review_content'];
    $review_recipient = $_POST['review_recipient'];
        //We remove slashes depending on the configuration
        if(get_magic_quotes_gpc())
        {
                $content = stripslashes($content);
                $review_recipient = stripslashes($review_recipient);
        }
        //We check if all the fields are filled
        if($_POST['review_content']!='')
        if($_POST['review_recipient']!='')
        {


            {

                $forbidden = array('<[\w.]+@[\w.]+>', '<\w{3,6}:(?:(?://)|(?:\\\\))[^\s]+>', '#<.*?>([^>]*)</a>#i');
$matches  = array('****', '****', '****');
$post     =  preg_replace($forbidden, $matches, $post);


            $sql = "INSERT INTO ptb_reviews (id, from_user_id, from_guest, to_user_id, content) VALUES (NULL, '-1', '".$review_recipient."', '".$profile_id."', '".$content."');";
            mysql_query($sql, $connection);

            $_SESSION['message']="<div class=\"infobox-wallpost\"><strong>Thank You</strong> - Your review has been sent and is awaiting approval.</div><div class=\"infobox-close4\"></div>"; 
header("Location: {$_SERVER['HTTP_REFERER']}");

} } } } } ?>

Updated:

OK, so I'm trying to do it like this, but it's still allowing the URL to be displayed:

<?php ob_start(); ?>
 <?php 
// check if the review form has been sent
if(isset($_POST['review_content']))
if(isset($_POST['review_recipient']))
{
    $content = $_POST['review_content'];
    $review_recipient = $_POST['review_recipient'];
        //We remove slashes depending on the configuration
        if(get_magic_quotes_gpc())
        {
                $content = stripslashes($content);
                $review_recipient = stripslashes($review_recipient);

                $regex = "/(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w\.-]*)*\/?/";
$replacement = "[blocked url]";
$review_recipient = reg_replace($regex,$replacement,$_POST['review_recipient']);
$profile_id = intval($_POST['profile_id ']); //dont know how you get this
$content = reg_replace($regex,$replacement,$_POST['review_content']);
        }
        //We check if all the fields are filled
        if($_POST['review_content']!='')
        if($_POST['review_recipient']!='')


        {


            {


            $sql = "INSERT INTO ptb_reviews (id, from_user_id, from_guest, to_user_id, content) VALUES (NULL, '-1', '".$review_recipient."', '".$profile_id."', '".$content."');";
            mysql_query($sql, $connection);

            $_SESSION['message']="<div class=\"infobox-wallpost\"><strong>Thank You</strong> - Your review has been sent and is awaiting approval.</div><div class=\"infobox-close4\"></div>"; 
header("Location: {$_SERVER['HTTP_REFERER']}");

} } } } } ?>
2
  • find url: /(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w \.-]*)*\/?/ Commented May 1, 2013 at 11:43
  • See my answer, the problem is the nesting of your code. I've cleaned it up a little and the problem was clear. Commented May 1, 2013 at 12:36

2 Answers

1

The problem you had is that you've got your regular expression check within the get_magic_quotes_gpc() call. Joel's code also has reg_replace as a typo; otherwise that would have worked (if you'd have put it outside of the magic quotes check).

Here's a fully updated script for you to try.

<?php

ob_start();

// check if the review form has been sent
if(isset($_POST['review_content'])) {
    if(isset($_POST['review_recipient'])) {
        $content = $_POST['review_content'];
        $review_recipient = $_POST['review_recipient'];

        //We remove slashes depending on the configuration
        if(get_magic_quotes_gpc()) {
                $content = stripslashes($content);
                $review_recipient = stripslashes($review_recipient);
        }

        $regex = "/(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w\.-]*)*\/?/";
        $replacement = "[blocked url]";
        // Filter the unslashed copies rather than the raw $_POST values
        $review_recipient = preg_replace($regex,$replacement,$review_recipient);
        //$profile_id = intval($_POST['profile_id']); //dont know how you get this
        $content = preg_replace($regex,$replacement,$content);


        //We check if all the fields are filled
        if($_POST['review_content']!='') {
            if($_POST['review_recipient']!='') {

                // Escape the user-supplied values before they are concatenated into the query
                $review_recipient = mysql_real_escape_string($review_recipient, $connection);
                $content = mysql_real_escape_string($content, $connection);

                $sql = "INSERT INTO ptb_reviews (id, from_user_id, from_guest, to_user_id, content) VALUES (NULL, '-1', '".$review_recipient."', '".$profile_id."', '".$content."');";
                mysql_query($sql, $connection);

                $_SESSION['message']="<div class=\"infobox-wallpost\"><strong>Thank You</strong> - Your review has been sent and is awaiting approval.</div><div class=\"infobox-close4\"></div>";

                header("Location: {$_SERVER['HTTP_REFERER']}");
            }
        }

    }

}

?>

If you want to block specific words you can also add something like this:

// Match only the listed words; wrapping them in (.*) would replace the whole line
$regex2 = "/\b(word1|word2|word3)\b/";
$replacement2 = "[blocked word]";

Then change your preg_replace to something like this:

$content = preg_replace(Array($regex, $regex2),Array($replacement, $replacement2),$_POST['review_content']);
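
An added example, not part of the answer above or the asker's project: the same URL masking combined with a PDO prepared statement, so the review text is bound as data and never becomes part of the SQL string. The helper names `block_urls` and `save_review`, the in-memory SQLite database standing in for MySQL, the sample input, and the `i` flag added to the regex are assumptions of this example.

```php
<?php
// Added example. Assumptions: PDO with the SQLite driver is available; an
// in-memory SQLite database stands in for the MySQL server so this runs offline.

// The page's URL regex, with the `i` flag added so mixed-case URLs match whole.
const URL_REGEX = '/(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w\.-]*)*\/?/i';

// Hypothetical helper: mask anything the URL regex matches.
function block_urls(string $text): string
{
    // preg_replace returns null on a PCRE error; the string return type then
    // raises a TypeError, so unfiltered text is never stored.
    return preg_replace(URL_REGEX, '[blocked url]', $text);
}

// Hypothetical helper: store a review using bound parameters, so quotes in
// the input are treated as data and cannot alter the INSERT statement.
function save_review(PDO $db, string $guest, int $profileId, string $content): void
{
    $stmt = $db->prepare(
        'INSERT INTO ptb_reviews (from_user_id, from_guest, to_user_id, content)
         VALUES (-1, :guest, :to_user, :content)'
    );
    $stmt->execute([
        ':guest'   => block_urls($guest),
        ':to_user' => $profileId,
        ':content' => block_urls($content),
    ]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ptb_reviews (id INTEGER PRIMARY KEY, from_user_id INT,
           from_guest TEXT, to_user_id INT, content TEXT)');

// Constructed sample input: an apostrophe, a mixed-case URL and a bare domain.
save_review($db, "O'Brien", 42, "It's great, see HTTP://Example.com/page or www.google.com");

foreach ($db->query('SELECT from_guest, content FROM ptb_reviews') as $row) {
    echo $row['from_guest'], ' | ', $row['content'], PHP_EOL;
}
```

Against MySQL, only the DSN passed to `new PDO(...)` changes; the prepared statement and the filter stay the same.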

1

preg replace, there is a regex for finding URLs:

$inputData = "www.google.com is a url";
$filteredData = preg_replace('/(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w\.-]*)*\/?/','[blocked url]',$inputData);

Here it goes wrong:

$post     =  preg_replace($forbidden, $matches, $post);

This won't fix all the URLs in the post variables.

I think you want something like this:

$regex = "/(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w\.-]*)*\/?/";
$replacement = "[blocked url]";
$review_recipient = reg_replace($regex,$replacement,$_POST['review_recipient']);
$profile_id = intval($_POST['profile_id ']); //dont know how you get this
$content = reg_replace($regex,$replacement,$_POST['review_content']);

3 Comments

I tried this but it didn't work for me. I put $inputData = $content and it still shows the link. Maybe I'm doing it wrong.
There was a minor bug in the regex; I fixed it, but I think you somewhere use the wrong variable, so it still bypasses the preg replace.
OK, thanks again for having a look at this for me. However, the code's not working for me; I'll post my updated code in my question, and if you could show me if I'm going wrong somewhere that would really help.
