我有一个简单的表格,需要额外的验证。我有一系列禁用词,如果存在,则表单提交失败。
如果输入中的“唯一单词”被禁止,我就可以让它工作。但是,如果它包含正常单词和禁用单词,则表单提交将通过。 我确实知道禁用词数据库工作正常,因为我有测试代码来输出所有这些词
只有当禁用术语是其中唯一的单词/字符串时,这才有效。
// array of banned words to filter; comes from DB
$disallowed_terms = Array();
$disallowed = $ww_mysqli->prepare("SELECT * FROM nl_filters");
$disallowed->bind_param('s', $Filter);
$disallowed->execute();
$s_result = $disallowed->get_result();
// check each input for banned words
while ($row = $s_result->fetch_assoc()) {
$disallowed_terms[] = $row;
// only wrote this for $sprequests for testing
// strpos() doesn't seem to the right method here
$sprequests_check = strpos($sprequests,$disallowed);
if (in_array($sprequests_check,$row) !== false) {
// adding anything to $reasons will cause submission to fail
$reasons .= '|error';
}
if (in_array($theirname,$row) !== false) {
$reasons .= '|error';
}
if (in_array($email,$row) !== false) {
$reasons .= '|error';
}
if (in_array($phone,$row) !== false) {
$reasons .= '|error';
}
}
当前禁用词语列表是这里
我们可以通过首先从输入中删除任何特殊字符并将其替换为空格,然后使用explode将字符串拆分到数组中来检查每个术语。
我简化了示例的代码,因此 $disallowed_terms 是一个静态数组,输入也是一个静态数组。请随意修改代码以匹配您的项目。
我在整个代码中留下了注释来解释发生了什么,但如果我错过了什么,请告诉我:)。请参阅下面的代码:
<?php
// Example disallowed terms, you would get these from the database
$disallowed_terms = [
"bad",
"evil",
"crazy"
];
//example inputs from the user
$inputs = [
"I like bad things",
"I like good things",
"I like ok things",
"I like evil, things",
" I like-crazy.things ",
];
$disallowed_terms_pattern = create_disallowed_terms_regex($disallowed_terms); // get the regex that will be used
// echo $disallowed_terms_pattern; // Outputs: /(bad|evil|crazy)/
// Test each input from user and echo the result
foreach ($inputs as $input){
if(contains_disallowed_term($input,$disallowed_terms_pattern)){ // call function to check if input contains disallowed term
// disallowed term found
echo "NOT GOOD -".$input."<br>";
}else{
// disallowed term NOT found
echo "OK -". $input."<br>";
}
}
/* SAMPLE OUTPUT:
NOT GOOD -I like bad things
OK -I like good things
OK -I like ok things
NOT GOOD -I like evil, things
NOT GOOD - I like-crazy.things
*/
// create regex pattern string that will contain all the disallowed terms eg. Outputs: /(bad|evil|crazy)/
function create_disallowed_terms_regex($disallowed_terms){
$regex = '/(';
foreach ($disallowed_terms as $term){
$regex.=$term.'|';
}
$regex = rtrim($regex,'|'); // remove | from end of string
$regex .= ')/';
return $regex;
}
function contains_disallowed_term($input,$disallowed_terms_pattern){
// Replace all special characters with spaces, this stops inputs like i'am-not-crazy;) from getting passed the regex
$input = preg_replace('/[^\w\s]/', ' ', $input);
$input_terms = explode(" ", $input); // explode the input string into an array using spaces as a seperator
foreach ($input_terms as $term){ // go over each term in the input
if(preg_match($disallowed_terms_pattern, $term)){
return true; // if it matches a word in disallowed list return true;
}
}
//term didn't match disallowed term, return false
return false;
}
?>
此解决方案的明显限制是它无法检测像“cr*zy”这样的单词,因为它删除了 * 并将其替换为空格。另一方面,它会检测到像这样的“.:thats-crazy:.”这样的“crazy”一词。
如果某些不允许的单词包含特殊字符,则解决方案可能也需要修改。由于 create_disallowed_terms_regex() 函数可能会中断,并且永远不会检测到具有特殊字符的单词,因为解决方案会从输入中删除特殊字符。这两个问题都可以通过微小的改变来缓解。