|
|
Posted by Toby Inkster on 01/23/07 19:01
Allodoxaphobia wrote:
> $bad_strings = array('www.','/url]','ttp://','ttps://') ;
>
> foreach( $bad_strings as $bad_string )
> if ( ereg( $bad_string, $string ) ) return false ;
Why do people insist on using ereg()? preg_match() gives better
performance and more flexibility. In this case anyway, you're matching
against plain strings, not regular expressions, so strstr() would be
even faster.
In any case, the following string would pass through your filter
unblocked:
hTTp://wWw.example.com/
because your tests are case-sensitive. The case-insensitive versions of
ereg() and strstr() are eregi() and stristr(). preg_match() can be made
case-insensitive using the '/i' flag.
function check_bad_content($string)
{
$bad_strings = array('www.','/url]','ttp://','ttps://') ;
foreach ($bad_strings as $bad_string)
if (stristr($string, $bad_string))
return FALSE;
return TRUE;
}
--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Navigation:
[Reply to this message]
|