Asked by: Ashif Risal CT Asked: 11/25/2022 Last edited by: Ashif Risal CT Updated: 11/25/2022 Views: 429
how to block bad words in php input form [duplicate]
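Q:
This question already has answers here:
Badwords - stop users bypassing the bad word filter in PHP (3 answers)
PHP profanity filter (2 answers)
How do you implement a good profanity filter? (19 answers)
PHP filter bad words (4 answers)
Filter bad words from text (2 answers)
Closed 12 months ago.
I have a feedback form on a website (created for a school), but bad words and bad links are coming in as input. What should I do next (the website pages are in PHP)? I need it so that when anyone enters bad words an error message is shown, otherwise a success message is shown and the data is passed to the database. If anyone can help, please help me; I am attaching my code to this question.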
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title></title>
</head>
<body>
<form action="" method="POST">
<div class="form-row row">
<div class="col-lg-4 col-md-5">
<label style="font-size: 14px;font-weight: bold;" for="">Name</label>
</div>
<div class="col-lg-5 col-md-5">
<input type="text" name="name" class="form-control form-control-sm" required>
</div>
</div>
<div class="form-row row">
<div class="col-lg-4 col-md-5">
<label style="font-size: 14px;font-weight: bold;" for="">Email ID</label>
</div>
<div class="col-lg-5 col-md-5">
<input type="text" name="email" class="form-control form-control-sm" required>
</div>
</div>
<div class="form-row row">
<div class="col-lg-4 col-md-5">
<label style="font-size: 14px;font-weight: bold;" for="">Mobile Number</label>
</div>
<div class="col-lg-5 col-md-5">
<input type="text" name="mobile" class="form-control form-control-sm" required>
</div>
</div>
<div class="form-row row">
<div class="col-lg-4 col-md-5">
<label style="font-size: 14px;font-weight: bold;" for="">Resident</label>
</div>
<div class="col-lg-5 col-md-5">
<input type="text" name="resident" class="form-control form-control-sm" required>
</div>
</div>
<div class="form-row row">
<div class="col-lg-4 col-md-5">
<label style="font-size: 14px;font-weight: bold;" for="">Enquiry</label>
</div>
<div class="col-lg-5 col-md-5">
<textarea type="text" rows="5" placeholder="Hit Your Enquiry" minlength="3" maxlength="150" name="enquirymessage" class="form-control form-control-sm" required></textarea>
</div>
</div>
<button name="submitedenquiry" class="btn btn-success mb-2">Submit</button>
</form>
<?php
if (isset($_POST['submitedenquiry']))
{
$name=$_POST['name'];
$email=$_POST['email'];
$mobile=$_POST['mobile'];
$resident=$_POST['resident'];
$enquirymessage=$_POST['enquirymessage'];
$date = date('m/d/Y h:i:s a', time());
$abc=mysqli_query($conn,"insert into enquiry(name,email,mobile,resident,enquiry,date)
values('$name','$email','$mobile','$resident','$enquirymessage','$date')");
if($abc>0)
echo '<script>swal({
title: "Successfull",
text: "We will contact you soon.",
icon: "success",
}).then(function(){window.location="contact-us.php";});</script>';
else
echo '<script>swal({
title: "Ooops....",
text: "Error.Please Try Again",
icon: "error",
}).then(function(){window.location="contact-us.php";});</script>';
}
?>
</body>
</html>
I tried this code, but it did not work:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title></title>
</head>
<body>
<form action="" method="POST">
<div class="form-row row">
<div class="col-lg-4 col-md-5">
<label style="font-size: 14px;font-weight: bold;" for="">Name</label>
</div>
<div class="col-lg-5 col-md-5">
<input type="text" name="name" class="form-control form-control-sm" required>
</div>
</div>
<div class="form-row row">
<div class="col-lg-4 col-md-5">
<label style="font-size: 14px;font-weight: bold;" for="">Email ID</label>
</div>
<div class="col-lg-5 col-md-5">
<input type="text" name="email" class="form-control form-control-sm" required>
</div>
</div>
<div class="form-row row">
<div class="col-lg-4 col-md-5">
<label style="font-size: 14px;font-weight: bold;" for="">Mobile Number</label>
</div>
<div class="col-lg-5 col-md-5">
<input type="text" name="mobile" class="form-control form-control-sm" required>
</div>
</div>
<div class="form-row row">
<div class="col-lg-4 col-md-5">
<label style="font-size: 14px;font-weight: bold;" for="">Resident</label>
</div>
<div class="col-lg-5 col-md-5">
<input type="text" name="resident" class="form-control form-control-sm" required>
</div>
</div>
<div class="form-row row">
<div class="col-lg-4 col-md-5">
<label style="font-size: 14px;font-weight: bold;" for="">Enquiry</label>
</div>
<div class="col-lg-5 col-md-5">
<textarea type="text" rows="5" placeholder="Hit Your Enquiry" minlength="3" maxlength="150" name="enquirymessage" class="form-control form-control-sm" required></textarea>
</div>
</div>
<button name="submitedenquiry" class="btn btn-success mb-2">Submit</button>
</form>
<?php
if (isset($_POST['submitedenquiry']))
{
$name=$_POST['name'];
$mobile=$_POST['mobile'];
$resident=$_POST['resident'];
$enquirymessage=$_POST['enquirymessage'];
$date = date('m/d/Y h:i:s a', time());
function contains($string, $array, $caseSensitive = false) {
$stripedString = $caseSensitive ? str_replace($array, '', $string) : str_ireplace($array, '', $string);
return strlen($stripedString) !== strlen($string);
}
$badwords=array("fuxk","rxpe","porn");
$badwordcount=0;
if ( contains($name, $badwords) ||contains($mobile, $badwords) ||contains($resident, $badwords) || contains($enquirymessage, $badwords) ) {
$badwordcount++;
}
if ($badwordcount!=0) {
$abc=0;
} else {
$sql="insert into enquiry(name,mobile,resident,enquiry,date) values(?,?,?,?,?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param("ssssss",$name,$mobile,$resident,$enquirymessage,$date);
$stmt->execute();
$abc=$stmt->affected_rows;
}
if($sql>0)
echo '<script>swal({
title: "Successfull",
text: "We will contact you soon.",
icon: "success",
}).then(function(){window.location="contact-us.php";});</script>';
else
echo '<script>swal({
title: "Ooops....",
text: "Something Went Wrong. Please Try Again",
icon: "error",
}).then(function(){window.location="contact-us.php";});</script>';
}
?>
</body>
</html>
But it worked here. Is there anything wrong with code like this?
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title></title>
</head>
<body>
<form action="" method="POST">
<div class="form-row row">
<div class="col-lg-4 col-md-5">
<label style="font-size: 14px;font-weight: bold;" for="">Name</label>
</div>
<div class="col-lg-5 col-md-5">
<input type="text" name="name" class="form-control form-control-sm" required>
</div>
</div>
<div class="form-row row">
<div class="col-lg-4 col-md-5">
<label style="font-size: 14px;font-weight: bold;" for="">Email ID</label>
</div>
<div class="col-lg-5 col-md-5">
<input type="text" name="email" class="form-control form-control-sm" required>
</div>
</div>
<div class="form-row row">
<div class="col-lg-4 col-md-5">
<label style="font-size: 14px;font-weight: bold;" for="">Mobile Number</label>
</div>
<div class="col-lg-5 col-md-5">
<input type="text" name="mobile" class="form-control form-control-sm" required>
</div>
</div>
<div class="form-row row">
<div class="col-lg-4 col-md-5">
<label style="font-size: 14px;font-weight: bold;" for="">Resident</label>
</div>
<div class="col-lg-5 col-md-5">
<input type="text" name="resident" class="form-control form-control-sm" required>
</div>
</div>
<div class="form-row row">
<div class="col-lg-4 col-md-5">
<label style="font-size: 14px;font-weight: bold;" for="">Enquiry</label>
</div>
<div class="col-lg-5 col-md-5">
<textarea type="text" rows="5" placeholder="Hit Your Enquiry" minlength="3" maxlength="150" name="enquirymessage" class="form-control form-control-sm" required></textarea>
</div>
</div>
<button name="submitedenquiry" class="btn btn-success mb-2">Submit</button>
</form>
<?php
if (isset($_POST['submitedenquiry']))
{
$name=$_POST['name'];
$mobile=$_POST['mobile'];
$resident=$_POST['resident'];
$enquirymessage=$_POST['enquirymessage'];
$date = date('m/d/Y h:i:s a', time());
function contains($string, $array, $caseSensitive = false) {
$stripedString = $caseSensitive ? str_replace($array, '', $string) : str_ireplace($array, '', $string);
return strlen($stripedString) !== strlen($string);
}
$badwords=array("fuxk","rxpe","porn");
$badwordcount=0;
if ( contains($name, $badwords) ||contains($mobile, $badwords) ||contains($resident, $badwords) || contains($enquirymessage, $badwords) ) {
$badwordcount++;
}
if ($badwordcount!=0) {
$abc=0;
} else
$abc=mysqli_query($conn,"insert into enquiry(name,mobile,resident,enquiry,date)
values('$name','$mobile','$resident','$enquirymessage','$date')");
if($abc>0)
echo '<script>swal({
title: "Successfull",
text: "We will contact you soon.",
icon: "success",
}).then(function(){window.location="contact-us.php";});</script>';
else
echo '<script>swal({
title: "Ooops....",
text: "Something Went Wrong. Please Try Again",
icon: "error",
}).then(function(){window.location="contact-us.php";});</script>';
}
?>
</body>
</html>
A:
1 upvote
Ken Lee
11/25/2022
#1
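To meet your requirement of detecting bad words:
- You can use a function (e.g. contains(), see the code below) to check whether the user has entered "bad words" in the submitted data. The array of "bad words" can look like this: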
$badwords=array("fuxk","rxpe","porn");
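- Then the insert query should be executed only when the number of bad words detected is 0
- Please change your db insert query to a parameterized prepared statement, which is resilient against SQL injection
So change these lines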
$abc=mysqli_query($conn,"insert into enquiry(name,email,mobile,resident,enquiry,date)
values('$name','$email','$mobile','$resident','$enquirymessage','$date')");
to
function contains($string, $array, $caseSensitive = false) {
$stripedString = $caseSensitive ? str_replace($array, '', $string) : str_ireplace($array, '', $string);
return strlen($stripedString) !== strlen($string);
}
$badwords=array("fuxk","rxpe","porn");
$badwordcount=0;
if ( contains($name, $badwords) || contains($email, $badwords) || contains($mobile, $badwords) ||contains($resident, $badwords) || contains($enquirymessage, $badwords) ) {
$badwordcount++;
}
if ($badwordcount!=0) {
$abc=0;
} else {
$sql="insert into enquiry(name,email,mobile,resident,enquiry,date) values(?,?,?,?,?,?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param("ssssss", $name,$email,$mobile,$resident,$enquirymessage,$date);
$stmt->execute();
$abc=$stmt->affected_rows;
}
You may wish to add more words to the $badwords list to detect other bad words.
Comments
1 upvote
mickmackusa
11/25/2022
This is a trap. "How can I prevent bad words?" is a game that no developer can win. Humans are too disgusting. Is "Trxpezoid" a bad word?
1 upvote
Professor Abronsius
11/25/2022
Deep learning and proper AI might bring better success, but that is beyond the capability of mere mortals.
1 upvote
gre_gor
11/25/2022
The citizens of Scunthorpe will have a poor user experience. Again.
0 upvotes
Ashif Risal CT
11/25/2022
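Replaced my code with your code; when a bad word is included the message is shown, but when no bad word is included the form values do not go to the database.
0 upvotes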
Ashif Risal CT
11/25/2022
The connection is perfect.
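An added example, not part of the thread or of the answer's code: the answer's check-then-insert flow with whole-word matching, which avoids the substring hit on "Trxpezoid" raised in the comments, and a prepared statement whose type string is built from the number of bound values. The function names findBadWords and saveEnquiry and the sample strings are assumptions made here; the table, columns and $badwords list are the page's.

```php
<?php
// Added example, not code from the thread. $badwords is the answer's list.

/** Return the listed words that occur as whole words in $text (case-insensitive). */
function findBadWords(string $text, array $badwords): array
{
    $alt = implode('|', array_map(fn($w) => preg_quote($w, '/'), $badwords));
    // A hit must not touch a letter or digit on either side, so "rxpe"
    // inside a longer word is not reported.
    $pattern = '/(?<![\p{L}\p{N}])(?:' . $alt . ')(?![\p{L}\p{N}])/iu';
    if (preg_match_all($pattern, $text, $m) === false) {
        // Fail closed when the input cannot be scanned (for example invalid UTF-8).
        throw new InvalidArgumentException('input could not be scanned');
    }
    return array_values(array_unique(array_map('strtolower', $m[0])));
}

/** Insert one enquiry row; returns true when exactly one row was written. */
function saveEnquiry(mysqli $conn, array $values): bool
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw
    $values = array_values($values);
    $stmt = $conn->prepare(
        'insert into enquiry(name,mobile,resident,enquiry,date) values(?,?,?,?,?)'
    );
    // One "s" per bound value, so the type string cannot drift from the list.
    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    $stmt->execute();
    return $stmt->affected_rows === 1; // test the statement result, not the SQL string
}

$badwords = array("fuxk", "rxpe", "porn");
$samples  = ['Trxpezoid worksheet for class 5', 'this is PORN spam']; // constructed
foreach ($samples as $text) {
    $substring = array_filter($badwords, fn($w) => stripos($text, $w) !== false);
    $wholeWord = findBadWords($text, $badwords);
    printf("%s\n  substring match: %s\n  whole-word match: %s\n",
        $text, implode(',', $substring) ?: 'none', implode(',', $wholeWord) ?: 'none');
}
// With the page's open mysqli connection $conn, the insert runs only for clean input:
// if (!findBadWords($enquirymessage, $badwords)) {
//     saveEnquiry($conn, [$name, $mobile, $resident, $enquirymessage, $date]);
// }
```

The insert stays parameterized whatever the word filter decides, so the filter is a content check only and never the protection against SQL injection.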