I have done some searching on here and would like to give the user-posted links that get displayed on my site an extra layer of security. I found some code on here and modified it, but it doesn't seem to be picking up the words set in my array.
<?php
session_start();
include 'mysql-connection.php';

// Raw comment text from the form
$comment = $_POST['comment'];
// Encode HTML so posted tags cannot affect the page layout
$comment = htmlentities($comment);
// Escape for use in the SQL string below
$comment = mysql_real_escape_string($comment);

// Extensions that should block the post
$bannedwords = array(".exe", ".zip");
$matches = array();
$matchFound = preg_match_all(
    "/\b(" . implode("|", $bannedwords) . ")\b/i",
    $comment,
    $matches
);

if ($matchFound) {
    header("Location: http://mydomain/index.php");
}
else
{
    mysql_query("INSERT INTO posts (postid, post_content, username)
        VALUES ('', '$comment', '$username')");
    header("Location: http://mydomain.org/index.php");
}
mysql_close($con);
?>
I am grabbing the comment with $_POST[comment]; and then changing it so that if they post HTML tags it doesn't mess with the layout of the page. We then make it so the $comment won't cause any MySQL damage.
Next is where I am encountering the issue. $bannedwords should basically be setting non-case-sensitive mixtures of each word within the array, in this case .exe, .eXe, .Exe and so forth.
I'm stuck because it still posts fine instead of refreshing the page.
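
The pattern built in the question, run next to a variant with the dots quoted, as an added example that is not part of the original post. The sample comments are constructed, and `is_banned` and `$fixed` are hypothetical names introduced for the illustration.

```php
<?php
// Added example: how the question's pattern treats a few comments, compared
// with a pattern whose dots are literal and that needs no boundary before them.
$bannedwords = array('.exe', '.zip');

// Pattern as built in the question. "." is unescaped, so it matches any
// character, and the leading \b requires a word character directly before it.
$original = '/\b(' . implode('|', $bannedwords) . ')\b/i';

// preg_quote() turns ".exe" into "\.exe" so the dot is literal. The lookahead
// only demands that the extension is not followed by another word character.
$quoted = array_map(function ($w) {
    return preg_quote($w, '/');
}, $bannedwords);
$fixed = '/(?:' . implode('|', $quoted) . ')(?!\w)/i';

// Hypothetical helper: true when the pattern matches anywhere in the text.
function is_banned($pattern, $text)
{
    return preg_match($pattern, $text) === 1;
}

// Constructed sample comments.
$samples = array(
    '.exe',                          // bare extension at the start of the text
    'http://example.test/setup.EXE', // link ending in a banned extension
    'send me a zip code',            // no extension at all
    'http://example.test/page.html', // harmless link
    'see notes.exercise',            // ".exe" followed by more letters
);

printf("%-32s %-9s %s\n", 'comment', 'original', 'quoted');
foreach ($samples as $text) {
    printf(
        "%-32s %-9s %s\n",
        $text,
        is_banned($original, $text) ? 'blocked' : 'allowed',
        is_banned($fixed, $text) ? 'blocked' : 'allowed'
    );
}
```

With the question's pattern a comment that starts with `.exe` is allowed, because there is no word boundary in front of a leading dot, while "a zip code" is blocked, because the unescaped dot matches the space.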