How To Add Bad Word Filter To Simple Search Form

17 replies
I have a very simple search form I use attached to a script
to search.

Is it possible to add a bad word filter to this form to prevent
people putting in bad/not acceptable words.

This is the basic form I am using:

<form action="results" method="get">
<input type="text" name="search_query" maxlength="150" size="70">
<input type="submit" value="Search">
</form>

Thanks for any help.

Terry
  • BrianLeanza
    Hey Terry,

    If client-side validation (via JavaScript) is enough, you could use this:

    The JavaScript Source: Forms: Word Filter

    If you'd rather do it server side, I'd need to know what you are using (PHP or ASP.net).

    Cheers!
  • lisag
    However Brian suggests doing it, you'll need something like this.

    http://drupal.org/files/issues/dirtywords.txt
    Signature

    -- Lisa G

  • Mr. Enthusiastic
    Terry, ideally the "dirty words list" would never be downloaded to a user's computer. Also, it would be nice if the posts can get cleaned up in an efficient way that doesn't require a page reload.

    I can see this being a moderately ambitious AJAX project. When the user clicks submit, or any time they pause for a few seconds while typing in the text box, the browser sends the contents of the text box to the server. The server checks the censorship list.

    If everything in the box is OK, it simply sends back an OK code. If anything needs to be scrubbed, the server sends back a sanitized version of the text. The browser updates the text box accordingly. If the user clicked submit, the post is then submitted and the next page loads.

    In this way, you'd have a responsive user experience while never downloading the objectionable words.

    Come to think of it, there might already be a WordPress plugin to manage this. If not, it would be a good plugin coding project.

    Chris
  • chaos69
    Originally Posted by terry1288

    I have a very simple search form I use attached to a script
    to search.

    Is it possible to add a bad word filter to this form to prevent
    people putting in bad/not acceptable words.

    Hi Terry,

    This is simple in PHP... I've assumed you are using single words.

    Just an example, as always, please validate the data and test before using
    on a live server. Note - this uses POST and not GET as defined in your form.

    <?php

    # Predefined bad words list. If it's easier, consider having these
    # loaded from a file [use explode] or even better, from a database

    $badwords = array('your', 'bad', 'words', 'go', 'in', 'here');

    # Please validate this data!
    if (isset($_POST['search_query']))
    {
        $search_query = $_POST['search_query'];

        # For every bad word, get rid of it from the search string.
        # str_replace() is used because ereg_replace() was removed in PHP 7;
        # it matches the word literally, anywhere in the string.
        if (is_array($badwords) && sizeof($badwords) > 0)
        {
            foreach ($badwords as $theword)
                $search_query = str_replace($theword, "", $search_query);
        }

        # Done - now go and process your form, you might also want to
        # revalidate this, clean multiple spaces etc. E.G

        $search_query = preg_replace("/\s+/", " ", $search_query);
        print "<pre>$search_query</pre>";
    }

    ?>



    You can also do this before processing the form using AJAX. You will need to check for a space being entered and then check the words that are currently entered and remove anything caught by the filter. This could get annoying for the user if you don't do it properly though. Look into the jQuery/Prototype AJAX libraries to save yourself some work.
    Signature
    Best Ways To Make Money Online

    Eight bytes walk into a bar. The bartender asks, “Can I get you anything?”
    “Yeah,” reply the bytes. “Make us a double.”
    • saschakimmel
      Although it's just an example, this line has a cross-site scripting (XSS) vulnerability:
      print "<pre>$search_query</pre>";

      Always escape the output to prevent other users from outputting arbitrary content on your site:
      print "<pre>".htmlentities($search_query)."</pre>";
      Signature

      ** Get my ViralListMachine software now for free and build your own list virally by giving away free stuff @ http://www.virallistmachinegiveaway.com **

      • chaos69
        Originally Posted by saschakimmel

        Although it's just an example, this line has a cross-site scripting (XSS) vulnerability:
        print "<pre>$search_query</pre>";

        Always escape the output to prevent other users from outputting arbitrary content on your site:
        print "<pre>".htmlentities($search_query)."</pre>";

        *cough*

        Just an example, as always, please validate the data and test before using
        on a live server. Note - this uses POST and not GET as defined in your form.

        and ...

        # Please validate this data!

        and ...

        # Done - now go and process your form, you might also want to
        # revalidate this, clean multiple spaces etc. E.G
        • terry1288
          Thanks everyone

          Will be testing this shortly and get back to
          report asap.

          Terry
          • terry1288
            I am trying to incorporate the php as advised but get an error
            on an unexpected elseif.

            If I explain the script a little more perhaps you can help.

            The script is to search YouTube for videos and the simple
            search form part is on an index.tpl file while in association with
            an index.php file.

            This code is in the php file:

            if (isset($_GET['search_query']))
            {
                $SITEDESCRIPTION = "Find information over " . ucfirst(str_replace("+", " ", $_GET['search_query']));
                $keyword = str_replace(" ", "+", $_GET['search_query']);
                $rss_str = "http://gdata.youtube.com/feeds/api/videos?vq=$keyword";
            }
            elseif (isset($_GET['user']))
            {
                $SITEDESCRIPTION = "Find information over " . ucfirst(str_replace("+", " ", $_GET['user']));
                $keyword = str_replace(" ", "+", $_GET['user']);
                $rss_str = "http://gdata.youtube.com/feeds/api/users/$keyword/uploads";
            }
            else
            {
                $keyword = str_replace(" ", "+", $keyword);
                $rss_str = "http://gdata.youtube.com/feeds/api/videos?vq=$keyword";
            }

            Sorry to trouble further but could you explain how to incorporate your php
            badwords into this php part.

            Many thanks for your help.

            Terry
            • chaos69
              Originally Posted by terry1288

              I am trying to incorporate the php as advised but get an error on an unexpected elseif.

              If I explain the script a little more perhaps you can help.

              The script is to search YouTube for videos and the simple
              search form part is on an index.tpl file while in association with
              an index.php file.

              Sorry to trouble further but could you explain how to incorporate your php
              badwords into this php part.

              The syntax of the PHP script you posted looks to be correct.

              It's likely to be because you are using a template parser. Are you able to post the index.tpl file as well?
              -------
              EDIT: Sorry I misunderstood - the PHP script you posted is before making changes to filter bad words, right?
              • terry1288
                Hi chaos69

                This is the index.tpl file part which is connected with the search:

                <form action="results" method="get">
                <input type="text" name="search_query" maxlength="150" size="70">
                <input type="submit" value="Search">
                </form>


                </center>

                <br />
                <br />
                <hr />

                <div id="content2">

                <br />

                <!-- BEGIN search_output -->
                <div class="videoinfo">
                <span class="link">
                <a href="{search_output.link}" title="{search_output.title}" class="readmore">{search_output.title}</a>
                </span><br />
                <a href="{search_output.link}" title="{search_output.title}" class="readmore"><img src="{search_output.thumbnail}" align="right" border="0" height="90" hspace="4" vspace="4" width="120"></a>
                <p>
                {search_output.content}
                </p>
                <p> Author:
                <a href="{search_output.profilelink}">{search_output.name}</a><br />
                Views: {search_output.views}<br />
                Duration: {search_output.duration}<br />
                Published: {search_output.published}<br />
                </p><br />
                <hr />
                </div>
                <!-- END search_output -->


                Basically someone would put in the search form the keywords they are searching for
                and then this page would pass them onto a video page which would display the
                video.

                Problem is I am getting some visitors putting in badwords etc which are pulling videos
                I would rather not have associated with my site.

                I found some in the search engines which first got my attention to this problem.

                I guess after sorting out the search problem I should then look at getting the script
                filtered to not return any videos which have titles/content that contain these badwords.

                I bought the resale rights to this script a few years ago and since the original
                writer has abandoned and done no more work to improve, plus no response to email
                so I thought I would try to sort out, although I am not really that familiar with php.

                Thanks again for your help.

                Terry
                • chaos69
                  Originally Posted by terry1288

                  I guess after sorting out the search problem I should then look at getting the script filtered to not return any videos which have titles/content that contain these badwords.

                  You should be good to go with my last post, let me know if you have any problems.

                  I did make reference to cleaning/checking the data in $_GET, which you should also do, specifically against SQL injection [if it's going anywhere near a database] and by using the "htmlentities" function:

                  PHP Tutorial - htmlentities
                  • terry1288
                    Hi Chaos69

                    I am very grateful for the time and effort you have put into
                    this.

                    It appears to be working fine now.

                    There is no database associated with the script although I
                    can perhaps see the advantages of having the keywords list
                    in a database.

                    So if I do decide to go that way I will take heed of your advice
                    about the security issues.

                    Regards

                    Terry
            • chaos69
              Originally Posted by terry1288

              Sorry to trouble further but could you explain how to incorporate your php
              badwords into this php part.

              Should be as below; I've only done it for the search_query part. If you plan on testing $_GET['user'] too, then you might want to look into creating a function
              rather than replicating the code.

              <?php
              # Predefined bad words list. If it's easier, consider having these
              # loaded from a file [use explode] or even better, from a database

              $badwords = array('your', 'bad', 'words', 'go', 'in', 'here');

              # NOTE - You should really check that the submitted value here is suitable or you may end up with problems
              # I won't confuse the matter by discussing security here, it's not the place.

              if (isset($_GET['search_query']))
              {
                  $search_query = $_GET['search_query'];

                  # str_replace() is used because ereg_replace() was removed in PHP 7;
                  # it matches the word literally, anywhere in the string.
                  if (is_array($badwords) && sizeof($badwords) > 0)
                  {
                      foreach ($badwords as $theword)
                          $search_query = str_replace($theword, "", $search_query);
                  }
                  $search_query = preg_replace("/\s+/", " ", $search_query);

                  $SITEDESCRIPTION = "Find information over " . ucfirst(str_replace("+", " ", $search_query));
                  $keyword = str_replace(" ", "+", $search_query);
                  $rss_str = "http://gdata.youtube.com/feeds/api/videos?vq=$keyword";
              }
              elseif (isset($_GET['user']))
              {
                  $SITEDESCRIPTION = "Find information over " . ucfirst(str_replace("+", " ", $_GET['user']));
                  $keyword = str_replace(" ", "+", $_GET['user']);
                  $rss_str = "http://gdata.youtube.com/feeds/api/users/$keyword/uploads";
              }
              else
              {
                  $keyword = str_replace(" ", "+", $keyword);
                  $rss_str = "http://gdata.youtube.com/feeds/api/videos?vq=$keyword";
              }

              ?>
              • saschakimmel
                Originally Posted by chaos69

                # I won't confuse the matter by discussing security here, it's not the place.

                Security in PHP is relatively easy, and if you post code that might be copied and pasted by other users (most of whom I assume not to be PHP experts), that might be a problem for them.

                Just verify the input and - most importantly - escape the output.
                • chaos69
                  Originally Posted by saschakimmel

                  Security in PHP is relatively easy, and if you post code that might be copied and pasted by other users (most of whom I assume not to be PHP experts), that might be a problem for them.

                  *sigh*

                  Once again, if you bothered to read the thread, you will see pointers on where to find the information.
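
Added example, not part of any post in this thread: one way to combine chaos69's word removal with saschakimmel's advice to verify the input and escape the output. The function name `filter_query`, the placeholder word list and the sample query are assumptions; matching here is whole-word and case-insensitive, which goes beyond the substring removal in the posted code.

```php
<?php
// Added example. filter_query() and the word list are hypothetical names/values.

// Constructed placeholder list; keep the real list on the server (file or database).
$badwords = array('badword', 'worse word', 'in');

// Remove whole-word, case-insensitive matches of $badwords from a search string.
function filter_query($query, array $badwords)
{
    // Reject non-string input such as ?search_query[]=x, which arrives as an array.
    if (!is_string($query)) {
        return '';
    }
    // Enforce the form's maxlength="150" on the server and drop control characters.
    $query = substr($query, 0, 150);
    $query = preg_replace('/[\x00-\x1F\x7F]/', ' ', $query);

    if (count($badwords) > 0) {
        // preg_quote() makes each word literal; \b stops "in" from matching inside "winning".
        $quoted = array_map(function ($w) { return preg_quote($w, '/'); }, $badwords);
        $query = preg_replace('/\b(?:' . implode('|', $quoted) . ')\b/i', '', $query);
    }
    // Collapse the gaps left by removed words.
    return trim(preg_replace('/\s+/', ' ', $query));
}

// Constructed sample input, used when the script is run without a query string.
$raw = isset($_GET['search_query'])
    ? $_GET['search_query']
    : '<b>winning</b> in BadWord videos';

$clean = filter_query($raw, $badwords);

// URL context: encode the value before it goes into the feed URL.
$rss_str = 'http://gdata.youtube.com/feeds/api/videos?vq=' . urlencode($clean);

// HTML context: escape at output time so markup in the query is shown, not rendered.
print "<pre>" . htmlspecialchars($clean, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</pre>\n";
print htmlspecialchars($rss_str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\n";
```

The word list only decides which searches are allowed; the `urlencode()` and `htmlspecialchars()` calls are what keep user input from altering the feed URL or the page markup.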
