Posted by Michael Austin on 02/22/06 23:45

Jim Carlock wrote:

> Looking for suggestions on how to handle bad words that might
> get passed in through $_GET['item'] variables.
>
> My first thoughts included using str_replace() to strip out such
> content, but then one ends up looking for characters that wrap
> around the stripped characters and it ends up as a recursive
> ordeal that fails to identify a poorly constructed $_GET['item']
> variable (when someone hand-types the item into the line and
> makes a simple typing error).
>
> So the next thoughts involved employing a list of good words
> and if any word in the $_GET['item'] list doesn't fall into the
> list of good words, then an empty string gets returned.
>
> Any suggestions on how to handle this?
>
> Thanks,
>
> Jim Carlock
>
>
>

Jim, Not knowing your requirments or what the website will be used for makes it
a little difficult to give you a solution. Would a drop-down list of acceptable
words be better than expecting the user to type them correctly?

That being said, if you type as badly as I do, you have probably made all of teh
tpying errors most commonly seen. Including a str_replace() for all of those
examples would not be that difficult - better yet include it into a javascript
and let the client-side handle the word-corrections (onclick or onsubmit).

I have worked with several products (OS and database) that will auto-correct
some commands like: eixt = EXIT or comit=COMMIT etc... Digital TOPS10/20 OS
that ran on the KL10/20 systems (36bit - circa mid 70's early 80's) would prompt
you for a yes/no to:
did you mean [whatever the correct spelling of the command is] Pretty cool for
it's day...

--
Michael Austin.
DBA Consultant
Donations welcomed. Http://www.firstdbasource.com/donations.html
:)

[Back to original message]