Right now I'm blocking all html code. I also want to block URL's. I tried some suggestions I found online but nothing has worked. Any ideas? if(preg_match('/<a(?:[^>]*)href=/i', $_POST['message'])) { Code (markup):
http://snipplr.com/view/64247/ $text= preg_replace('@((https?://)?([-\w]+\.[-\w\.]+)+\w\d+)?(/([-\w/_\.]*(\?\S+)?)?)*)@', 'BLOCKEDURL', $text);
Thank you for your help but this doesn't really help me at all. If I replace the code with this then it no longer checks for html code. I need a solution that will take both into consideration in the same line. Anyone have any ideas of how I can get this working? Thank you in advance.
Well, strip_tags would remove the HTML and stop links from being rendered, even if the person had an anchor text of the raw URL (sure, an unclickable URL would still be present). Or do you also want to remove that, too? The simplest solution would be to use strip_tags($text) in your RegEx for URL removal.
I was having a problem with people entering html code into the form. So it was blocked out and now it still acts like the message went through but it didn't. This way the spammer thinks they have succeeded rather then trying to figure out a way to beat it. The new problem is that people are just putting URL's in. When they do this, I want it to act exactly how the HTML code block works.
So, you're not filtering the HTML, but instead matching it against a pattern. So you want a preg_match for HTML (which you already have) and then need a preg_match for links (which can be done in so many ways)? Rather than stripping/replacing?
There are a multitude of ways a web address can be placed, so it really depends on how far you want to go: http://domain.com http://www.domain.com https://domain.com https://www.domain.com www.domain.com domain.com Code (markup): And of course variations based on the many (cc/g)TLDs out there. It's when you get down to domain.tld that it gets trickier. How far do you want to take it?
Hi ryan_uk All of those would be perfect. I'm getting so many complaints from my customers about the 100's of spam (classified ad website) that at this point I am willing to do all of those. How much would you charge to write a working version of the code that I need to pop in there?
Websites don't always end in .com so what if it just matched "http" and "www". That way it covers all of those except the last one.
I should be able to match any domain, mate. Heading off out to do some shopping now, but I'll let you know more once I return.