Posted by Stephen Poley on 02/22/06 23:24
On Wed, 22 Feb 2006 19:36:41 GMT, "Jim Carlock" <anonymous@127.0.0.1>
wrote:
>Looking for suggestions on how to handle bad words that might
>get passed in through $_GET['item'] variables.
>
>My first thoughts included using str_replace() to strip out such
>content, but then one ends up looking for characters that wrap
>around the stripped characters and it ends up as a recursive
>ordeal that fails to identify a poorly constructed $_GET['item']
>variable (when someone hand-types the item into the line and
>makes a simple typing error).
>
>So the next thoughts involved employing a list of good words
>and if any word in the $_GET['item'] list doesn't fall into the
>list of good words, then an empty string gets returned.
>
>Any suggestions on how to handle this?

Automatic removal is just about impossible to do reliably. (People
living in places such as Sussex and Scunthorpe have complained that
their addresses get rejected by some sites.) If at all possible use a
matching routine to detect doubtful entries and place them on one side
for subsequent manual review.
--
Stephen Poley
http://www.xs4all.nl/~sbpoley/webmatters/
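
The approach suggested in the reply above, as an added example that is not part of the original post: a naive substring filter next to a whole-word triage routine that holds doubtful entries for manual review instead of stripping or rejecting them. The watch list, function names and sample inputs are constructed for illustration, and whole-word matching is still imperfect, which is why the outcome is "review" rather than an automated action.

```php
<?php
// Added example. WATCH_LIST and the sample inputs are constructed placeholders.
const WATCH_LIST = ['sex', 'damn'];

// Naive filter: case-insensitive substring match, reject on any hit.
// This is what produces false positives such as "Sussex".
function naive_reject(string $item): bool
{
    foreach (WATCH_LIST as $term) {
        if (stripos($item, $term) !== false) {
            return true;
        }
    }
    return false;
}

// Triage: only whole-word hits are held for manual review. The input is
// never stripped or rewritten, so the reviewer sees exactly what was sent.
function triage_item(string $item): array
{
    $words = preg_split('/[^\p{L}\p{N}]+/u', strtolower($item), -1, PREG_SPLIT_NO_EMPTY);
    if ($words === false) {
        // Invalid UTF-8 cannot be tokenised, so a human should look at it.
        return ['status' => 'review', 'hits' => [], 'reason' => 'undecodable input'];
    }
    $hits = array_values(array_unique(array_intersect($words, WATCH_LIST)));
    return [
        'status' => $hits ? 'review' : 'accept',
        'hits'   => $hits,
        'reason' => $hits ? 'watch-list word' : '',
    ];
}

// Constructed sample values standing in for $_GET['item'].
$samples = ['West Sussex', 'Sex Pistols poster', 'garden gnome', "bad \xff bytes"];
foreach ($samples as $item) {
    $t = triage_item($item);
    printf(
        "%-22s naive_reject=%-5s triage=%-6s %s\n",
        json_encode($item, JSON_INVALID_UTF8_SUBSTITUTE),
        var_export(naive_reject($item), true),
        $t['status'],
        $t['reason']
    );
}
```

"West Sussex" is rejected by the naive filter but accepted by the triage routine, while "Sex Pistols poster" is queued for a person to decide rather than being refused outright.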