mysql语句删除php文件_php – 从mysql插入语句中删除链接？

我想知道是否有人可以请求帮助,我正在运行

MySQL插入查询,因此当用户填写表单时,它会将内容插入到数据库中.但是,我试图这样做,以便我可以删除/阻止链接(URL)插入.

我正在尝试这个,但我是MySQL的新手,我无法让它工作,我不确定我做得对,如果有人可以提供帮助,我将不胜感激.

提前致谢,

// check if the review form has been sent

if(isset($_POST['review_content']))

if(isset($_POST['review_recipient']))

{

$content = $_POST['review_content'];

$review_recipient = $_POST['review_recipient'];

//We remove slashes depending on the configuration

if(get_magic_quotes_gpc())

{

$content = stripslashes($content);

$review_recipient = stripslashes($review_recipient);

}

//We check if all the fields are filled

if($_POST['review_content']!='')

if($_POST['review_recipient']!='')

{

{

$forbidden = array('', '', '#<.>([^>]*)#i');

$matches = array('****', '****', '****');

$post = preg_replace($forbidden, $matches, $post);

$sql = "INSERT INTO ptb_reviews (id, from_user_id, from_guest, to_user_id, content) VALUES (NULL, '-1', '".$review_recipient."', '".$profile_id."', '".$content."');";

mysql_query($sql, $connection);

$_SESSION['message']="

Thank You - Your review has been sent and is awaiting approval.

header("Location: {$_SERVER['HTTP_REFERER']}");

} } } } } ?>

更新：

好吧所以我试图这样做,但它仍然允许显示网址

// check if the review form has been sent

if(isset($_POST['review_content']))

if(isset($_POST['review_recipient']))

{

$content = $_POST['review_content'];

$review_recipient = $_POST['review_recipient'];

//We remove slashes depending on the configuration

if(get_magic_quotes_gpc())

{

$content = stripslashes($content);

$review_recipient = stripslashes($review_recipient);

$regex = "/(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w\.-]*)*\/?/";

$replacement = "[blocked url]";

$review_recipient = reg_replace($regex,$replacement,$_POST['review_recipient']);

$profile_id = intval($_POST['profile_id ']); //dont know how you get this

$content = reg_replace($regex,$replacement,$_POST['review_content']);

}

//We check if all the fields are filled

if($_POST['review_content']!='')

if($_POST['review_recipient']!='')

{

{

$sql = "INSERT INTO ptb_reviews (id, from_user_id, from_guest, to_user_id, content) VALUES (NULL, '-1', '".$review_recipient."', '".$profile_id."', '".$content."');";

mysql_query($sql, $connection);

$_SESSION['message']="

Thank You - Your review has been sent and is awaiting approval.

header("Location: {$_SERVER['HTTP_REFERER']}");

} } } } } ?>

最佳答案 你遇到的问题是你在get_magic_quotes_gpc()调用中得到了正则表达式检查,Joel的代码也将reg_replace作为拼写错误,否则就行了(如果你把它放在魔术引号之外).

这是一个完全更新的脚本供您试用.

ob_start();

// check if the review form has been sent

if(isset($_POST['review_content'])) {

if(isset($_POST['review_recipient'])) {

$content = $_POST['review_content'];

$review_recipient = $_POST['review_recipient'];

//We remove slashes depending on the configuration

if(get_magic_quotes_gpc()) {

$content = stripslashes($content);

$review_recipient = stripslashes($review_recipient);

}

$regex = "/(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w\.-]*)*\/?/";

$replacement = "[blocked url]";

$review_recipient = preg_replace($regex,$replacement,$_POST['review_recipient']);

//$profile_id = intval($_POST['profile_id']); //dont know how you get this

$content = preg_replace($regex,$replacement,$_POST['review_content']);

//We check if all the fields are filled

if($_POST['review_content']!='') {

if($_POST['review_recipient']!='') {

$sql = "INSERT INTO ptb_reviews (id, from_user_id, from_guest, to_user_id, content) VALUES (NULL, '-1', '".$review_recipient."', '".$profile_id."', '".$content."');";

mysql_query($sql, $connection);

$_SESSION['message']="

Thank You - Your review has been sent and is awaiting approval.

header("Location: {$_SERVER['HTTP_REFERER']}");

}

}

}

}

?>

如果你想阻止特定的单词,你也可以添加如下内容：

$regex2 = "/(.*)\b(word1|word2|word3)\b(.*)/";

$replacement2 = "[blocked word]";

然后将preg_replace更改为以下内容：

$content = preg_replace(Array($regex, $regex2),Array($replacement, $replacement2),$_POST['review_content']);