-2

I have a feedback form on a website (created for school), but the inputs that are coming in contain bad words and bad links. What should I do next (the website page is in PHP)? I need it so that when anyone enters bad words, an error message is displayed; otherwise a success message is displayed and the data is passed to the database. If anyone can help, please help me. I am attaching my code here with this question.

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title></title>
</head>
<body>
<form action="" method="POST">
        <div class="form-row row">
        <div class="col-lg-4 col-md-5">
        <label style="font-size: 14px;font-weight: bold;" for="">Name</label>
        </div>
        <div class="col-lg-5 col-md-5">
        <input type="text" name="name" class="form-control form-control-sm" required>
        </div>
        </div>

        <div class="form-row row">
        <div class="col-lg-4 col-md-5">
        <label style="font-size: 14px;font-weight: bold;" for="">Email ID</label>
        </div>
        <div class="col-lg-5 col-md-5">
        <input type="text" name="email" class="form-control form-control-sm" required>
        </div>
        </div>

        <div class="form-row row">
        <div class="col-lg-4 col-md-5">
        <label style="font-size: 14px;font-weight: bold;" for="">Mobile Number</label>
        </div>
        <div class="col-lg-5 col-md-5">
        <input type="text" name="mobile" class="form-control form-control-sm" required>
        </div>
        </div>

        <div class="form-row row">
        <div class="col-lg-4 col-md-5">
        <label style="font-size: 14px;font-weight: bold;" for="">Resident</label>
        </div>
        <div class="col-lg-5 col-md-5">
        <input type="text" name="resident" class="form-control form-control-sm" required>
        </div>
        </div>

        <div class="form-row row">
        <div class="col-lg-4 col-md-5">
        <label style="font-size: 14px;font-weight: bold;" for="">Enquiry</label>
        </div>
        <div class="col-lg-5 col-md-5">
        <textarea type="text" rows="5" placeholder="Hit Your Enquiry" minlength="3" maxlength="150" name="enquirymessage" class="form-control form-control-sm" required></textarea>
        </div>
        </div>

        <button name="submitedenquiry" name="submitedenquiry"class="btn btn-success mb-2 " >Submit</button>
</form>
<?php
if (isset($_POST['submitedenquiry'])) 
{
$name=$_POST['name'];
$email=$_POST['email'];
$mobile=$_POST['mobile'];
$resident=$_POST['resident'];
$enquirymessage=$_POST['enquirymessage'];

$date = date('m/d/Y h:i:s a', time());
$abc=mysqli_query($conn,"insert into enquiry(name,email,mobile,resident,enquiry,date)
    values('$name','$email','$mobile','$resident','$enquirymessage','$date')");
if($abc>0)
echo '<script>swal({
          title: "Successfull",
          text: "We will contact you soon.",
          icon: "success",
          }).then(function(){window.location="contact-us.php";});</script>';
else
echo '<script>swal({
          title: "Ooops....",
          text: "Error.Please Try Again",
          icon: "error",
          }).then(function(){window.location="contact-us.php";});</script>';
}
?>
</body>
</html>

I tried this code, but it did not work:

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title></title>
</head>
<body>
<form action="" method="POST">
        <div class="form-row row">
        <div class="col-lg-4 col-md-5">
        <label style="font-size: 14px;font-weight: bold;" for="">Name</label>
        </div>
        <div class="col-lg-5 col-md-5">
        <input type="text" name="name" class="form-control form-control-sm" required>
        </div>
        </div>

        <div class="form-row row">
        <div class="col-lg-4 col-md-5">
        <label style="font-size: 14px;font-weight: bold;" for="">Email ID</label>
        </div>
        <div class="col-lg-5 col-md-5">
        <input type="text" name="email" class="form-control form-control-sm" required>
        </div>
        </div>

        <div class="form-row row">
        <div class="col-lg-4 col-md-5">
        <label style="font-size: 14px;font-weight: bold;" for="">Mobile Number</label>
        </div>
        <div class="col-lg-5 col-md-5">
        <input type="text" name="mobile" class="form-control form-control-sm" required>
        </div>
        </div>

        <div class="form-row row">
        <div class="col-lg-4 col-md-5">
        <label style="font-size: 14px;font-weight: bold;" for="">Resident</label>
        </div>
        <div class="col-lg-5 col-md-5">
        <input type="text" name="resident" class="form-control form-control-sm" required>
        </div>
        </div>

        <div class="form-row row">
        <div class="col-lg-4 col-md-5">
        <label style="font-size: 14px;font-weight: bold;" for="">Enquiry</label>
        </div>
        <div class="col-lg-5 col-md-5">
        <textarea type="text" rows="5" placeholder="Hit Your Enquiry" minlength="3" maxlength="150" name="enquirymessage" class="form-control form-control-sm" required></textarea>
        </div>
        </div>

        <button name="submitedenquiry" name="submitedenquiry"class="btn btn-success mb-2 " >Submit</button>
</form>
<?php
if (isset($_POST['submitedenquiry'])) 
{
$name=$_POST['name'];
$mobile=$_POST['mobile'];
$resident=$_POST['resident'];
$enquirymessage=$_POST['enquirymessage'];

$date = date('m/d/Y h:i:s a', time());
function contains($string, $array, $caseSensitive = false) {
    $stripedString = $caseSensitive ? str_replace($array, '', $string) : str_ireplace($array, '', $string);
    return strlen($stripedString) !== strlen($string);
}

$badwords=array("fuxk","rxpe","porn");

$badwordcount=0;

if ( contains($name, $badwords) ||contains($mobile, $badwords) ||contains($resident, $badwords) || contains($enquirymessage, $badwords) ) {
  $badwordcount++;
}

if ($badwordcount!=0) {
    $abc=0;
} else {

$sql="insert into enquiry(name,mobile,resident,enquiry,date) values(?,?,?,?,?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param("ssssss",$name,$mobile,$resident,$enquirymessage,$date);
$stmt->execute();
$abc=$stmt->affected_rows;
}

if($sql>0)

echo '<script>swal({
          title: "Successfull",
          text: "We will contact you soon.",
          icon: "success",
          }).then(function(){window.location="contact-us.php";});</script>';
else
echo '<script>swal({
          title: "Ooops....",
          text: "Something Went Wrong. Please Try Again",
          icon: "error",
          }).then(function(){window.location="contact-us.php";});</script>';
}
?>
</body>
</html>

But it worked here. Is there any problem with code written like this?

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title></title>
</head>
<body>
<form action="" method="POST">
        <div class="form-row row">
        <div class="col-lg-4 col-md-5">
        <label style="font-size: 14px;font-weight: bold;" for="">Name</label>
        </div>
        <div class="col-lg-5 col-md-5">
        <input type="text" name="name" class="form-control form-control-sm" required>
        </div>
        </div>

        <div class="form-row row">
        <div class="col-lg-4 col-md-5">
        <label style="font-size: 14px;font-weight: bold;" for="">Email ID</label>
        </div>
        <div class="col-lg-5 col-md-5">
        <input type="text" name="email" class="form-control form-control-sm" required>
        </div>
        </div>

        <div class="form-row row">
        <div class="col-lg-4 col-md-5">
        <label style="font-size: 14px;font-weight: bold;" for="">Mobile Number</label>
        </div>
        <div class="col-lg-5 col-md-5">
        <input type="text" name="mobile" class="form-control form-control-sm" required>
        </div>
        </div>

        <div class="form-row row">
        <div class="col-lg-4 col-md-5">
        <label style="font-size: 14px;font-weight: bold;" for="">Resident</label>
        </div>
        <div class="col-lg-5 col-md-5">
        <input type="text" name="resident" class="form-control form-control-sm" required>
        </div>
        </div>

        <div class="form-row row">
        <div class="col-lg-4 col-md-5">
        <label style="font-size: 14px;font-weight: bold;" for="">Enquiry</label>
        </div>
        <div class="col-lg-5 col-md-5">
        <textarea type="text" rows="5" placeholder="Hit Your Enquiry" minlength="3" maxlength="150" name="enquirymessage" class="form-control form-control-sm" required></textarea>
        </div>
        </div>

        <button name="submitedenquiry" name="submitedenquiry"class="btn btn-success mb-2 " >Submit</button>
</form>
<?php
if (isset($_POST['submitedenquiry'])) 
{
$name=$_POST['name'];
$mobile=$_POST['mobile'];
$resident=$_POST['resident'];
$enquirymessage=$_POST['enquirymessage'];

$date = date('m/d/Y h:i:s a', time());
function contains($string, $array, $caseSensitive = false) {
    $stripedString = $caseSensitive ? str_replace($array, '', $string) : str_ireplace($array, '', $string);
    return strlen($stripedString) !== strlen($string);
}

$badwords=array("fuxk","rxpe","porn");

$badwordcount=0;

if ( contains($name, $badwords) ||contains($mobile, $badwords) ||contains($resident, $badwords) || contains($enquirymessage, $badwords) ) {
  $badwordcount++;
}

if ($badwordcount!=0) {
    $abc=0;
} else
$abc=mysqli_query($conn,"insert into enquiry(name,mobile,resident,enquiry,date)
    values('$name','$mobile','$resident','$enquirymessage','$date')");
if($abc>0)

echo '<script>swal({
          title: "Successfull",
          text: "We will contact you soon.",
          icon: "success",
          }).then(function(){window.location="contact-us.php";});</script>';
else
echo '<script>swal({
          title: "Ooops....",
          text: "Something Went Wrong. Please Try Again",
          icon: "error",
          }).then(function(){window.location="contact-us.php";});</script>';
}
?>
</body>
</html>
  • (1) What do you mean by "bad words"? (2) Please change your DB queries to parameterized prepared statements, which are resilient against SQL injection – Ken Lee Nov 25 '22 at 05:55
  • Bad words mean sexual content and links – Ashif Risal CT Nov 25 '22 at 06:12
  • Can you help me change the DB queries to parameterized prepared statements, which are resilient against SQL injection? I am new to this. – Ashif Risal CT Nov 25 '22 at 06:12
  • In keeping with [New York, New York](https://en.wikipedia.org/wiki/New_York,_New_York_(So_Good_They_Named_It_Twice)) - you have a button so good you named it twice! – Professor Abronsius Nov 25 '22 at 07:53
  • In the code you say does **not** work, which utilises a `prepared statement`, there are 6 types listed in `bind_param` but only 5 placeholders. – Professor Abronsius Nov 25 '22 at 14:03
  • I would suggest that, rather than inserting a date in a peculiar format as you do here, you simply modify the column type (in the DB) to `timestamp` and allow the DB to insert the default value. You can then modify this on output if required. – Professor Abronsius Nov 25 '22 at 16:34

1 Answer

1

To meet your requirement to detect bad words:

  • you may use a function (e.g. contains(), please see the code below) to check whether the user has entered "bad words" in the submitted data. The array of "bad words" can be like:
$badwords=array("fuxk","rxpe","porn");
  • then only if the number of bad words detected is 0 should you execute the insert query
  • please change your DB insert query to a parameterized prepared statement, which is resilient against SQL injection

So change this line

$abc=mysqli_query($conn,"insert into enquiry(name,email,mobile,resident,enquiry,date)
    values('$name','$email','$mobile','$resident','$enquirymessage','$date')");

to

// returns true when any entry of $array occurs anywhere in $string
// (substring match; case-insensitive unless $caseSensitive is true)
function contains($string, $array, $caseSensitive = false) {
    $stripedString = $caseSensitive ? str_replace($array, '', $string) : str_ireplace($array, '', $string);
    return strlen($stripedString) !== strlen($string);
}

$badwords=array("fuxk","rxpe","porn");

$badwordcount=0;

// check every submitted field against the list
if ( contains($name, $badwords) || contains($email, $badwords) || contains($mobile, $badwords) ||contains($resident, $badwords) || contains($enquirymessage, $badwords) ) {
  $badwordcount++;
}

if ($badwordcount!=0) {
    $abc=0; // a bad word was found: skip the insert so the error message is shown
} else {

// prepared statement: six placeholders, six "s" types, six bound variables
$sql="insert into enquiry(name,email,mobile,resident,enquiry,date) values(?,?,?,?,?,?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param("ssssss", $name,$email,$mobile,$resident,$enquirymessage,$date);
$stmt->execute();
$abc=$stmt->affected_rows; // 1 on success, 0 if nothing was inserted
}

You may wish to add further words to the $badwords list so as to detect other bad words.

Ken Lee
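The answer above shows the two pieces the question needs (a word check and a prepared statement). The following is an added example, not code from the question or from Ken Lee's answer, that puts both into functions and goes a little further: the blocked terms are matched as whole words with `preg_match` instead of as substrings, the "links" the asker also wants to reject are caught with a regex, and the email and mobile fields are validated on the server because the HTML `required`/`maxlength` attributes are not enforced for anyone who POSTs directly. It assumes the question's `enquiry` table and a mysqli connection in `$conn`, and it assumes the `date` column is `DATETIME`/`TIMESTAMP` (as one comment suggests) so the database can stamp the row with `NOW()`. `LINK_PATTERN` is this example's own definition of "a link" and is an assumption. The sample submissions at the bottom are constructed for the demo.

```php
<?php
// Added example (not code from the question or from Ken Lee's answer).
// Assumptions: the question's `enquiry` table, a mysqli connection in $conn, and a `date`
// column of type DATETIME/TIMESTAMP so the database can stamp the row itself.
declare(strict_types=1);

// Blocked terms from the answer; extend as needed. Matched as whole words, case-insensitively.
const BLOCKED_TERMS = ['fuxk', 'rxpe', 'porn'];

// Assumed definition of "a link": a URL scheme, a www. host, or a bare domain with a common TLD.
const LINK_PATTERN = '~\b(?:https?://|ftp://|www\.)\S+|\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:com|net|org|info|xyz|ru|io)\b~i';

// Build one regex from the list. preg_quote() stops a term such as "a.b" from acting as regex syntax;
// the lookarounds mean "porn" matches but a longer innocent word merely containing the letters does not.
function buildBlockedTermPattern(array $terms): string
{
    $quoted = array_map(fn(string $t): string => preg_quote($t, '~'), $terms);
    return '~(?<![\p{L}\p{N}])(?:' . implode('|', $quoted) . ')(?![\p{L}\p{N}])~iu';
}

// Server-side validation of one submission. Returns a list of error messages; an empty list means accept.
function validateEnquiry(array $post): array
{
    $errors = [];
    $clean  = [];
    foreach (['name', 'email', 'mobile', 'resident', 'enquirymessage'] as $field) {
        $value = trim((string) ($post[$field] ?? ''));
        if ($value === '') {
            $errors[] = "$field is required";
        }
        $clean[$field] = $value;
    }
    if ($clean['email'] !== '' && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    if ($clean['mobile'] !== '' && !preg_match('~^\+?[0-9]{7,15}$~', $clean['mobile'])) {
        $errors[] = 'mobile must be 7 to 15 digits';
    }
    if (mb_strlen($clean['enquirymessage']) > 150) {
        $errors[] = 'enquirymessage is longer than 150 characters';
    }

    $blocked = buildBlockedTermPattern(BLOCKED_TERMS);
    foreach ($clean as $field => $value) {
        if (preg_match($blocked, $value)) {
            $errors[] = "$field contains a blocked word";
        }
        // The email field is skipped: every address contains a domain, so it would always look like a link.
        if ($field !== 'email' && preg_match(LINK_PATTERN, $value)) {
            $errors[] = "$field contains a link";
        }
    }
    return $errors;
}

// Insert with a prepared statement. The values travel separately from the SQL text, so no quoting or
// escaping of user input is needed and none of it can alter the statement. True when one row was written.
function insertEnquiry(mysqli $conn, array $post): bool
{
    $stmt = $conn->prepare(
        'INSERT INTO enquiry (name, email, mobile, resident, enquiry, date) VALUES (?, ?, ?, ?, ?, NOW())'
    );
    if ($stmt === false) {
        return false;
    }
    // bind_param() takes its arguments by reference, hence the plain local variables.
    $name = $post['name']; $email = $post['email']; $mobile = $post['mobile'];
    $resident = $post['resident']; $message = $post['enquirymessage'];
    $stmt->bind_param('sssss', $name, $email, $mobile, $resident, $message); // 5 types for 5 placeholders
    $ok = $stmt->execute() && $stmt->affected_rows === 1;
    $stmt->close();
    return $ok;
}

// The form handler then becomes: validate first, insert only when the error list is empty.
//   $errors = validateEnquiry($_POST);
//   if ($errors) { /* show the swal error */ } elseif (insertEnquiry($conn, $_POST)) { /* show success */ }

// Constructed sample submissions, runnable from the CLI without a database.
if (PHP_SAPI === 'cli') {
    $samples = [
        ['name' => 'Asha', 'email' => 'asha@example.com', 'mobile' => '9876543210',
         'resident' => 'Kochi', 'enquirymessage' => 'Please send me the prospectus.'],
        ['name' => 'Spam', 'email' => 'x@example.com', 'mobile' => '1234567',
         'resident' => 'Nowhere', 'enquirymessage' => 'Free porn at www.example.net'],
    ];
    foreach ($samples as $sample) {
        $errors = validateEnquiry($sample);
        echo $errors ? 'REJECT: ' . implode('; ', $errors) : 'ACCEPT', PHP_EOL;
    }
}
```

Run from the command line, the first sample is accepted and the second is rejected with two errors (a blocked word and a link in `enquirymessage`). Two caveats a practitioner should keep in mind: a word list is a nuisance filter, not a security control (it is evaded by spacing, digit substitution or lookalike characters), so the prepared statement and the server-side validation are what actually protect the application; and any page that later displays these rows must pass each value through `htmlspecialchars()` before echoing it, otherwise a message containing HTML or script would run in the administrator's browser.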