Spam protection: detect html tags or match patterns

lauthiamkok · March 11, 2010, 3:59pm

Hi,

This is what I can think of to detect spams from injecting into my database,

$SpamError = "Malicious code content detected. Your IP Number of ".getenv("REMOTE_ADDR")."has been logged.";

if (preg_match("/a href/i", "$message_content")) {
  $spam = true; 
  echo '<error message="'.$SpamErrorMessage.'"/>'; 
}

the idea is to match if <a href> exist, if it does, then it is a spam.

what if I have more patterns that I want to check, like <img> tags? how should I rewrite this code?

preg_match(“/a href/i”, “$message_content”);

but I think the best way is to detect if there is any html tag exist, then it must be a spam. how do I write the code to detect html tags from the input…?

Many thanks,
Lau

AlienDev · March 11, 2010, 5:00pm

Checking for “a href” is the completely wrong way. What if the spammer uses “a href” (notice a double space). What if a real user wants to put in a link?

Either use a markup for comments like BBCode/Markdown, or human-review everything.

I won’t help with the original question because your idea makes me angry.

Topic		Replies	Views
How to prevent HTML with PHP? PHP	10	585	May 7, 2010
How to disable Html in TextBox/Textarea PHP	9	7632	May 18, 2011
Adding Spambot protection and getting it working PHP	12	770	August 24, 2011
Im receiving lots of spamm action in forms PHP	1	259	June 23, 2010
Anti-spam measures for online contact form PHP	5	1315	June 22, 2010

Spam protection: detect html tags or match patterns

Related topics