我想知道是否有人可以帮忙,我正在运行 MySQL 插入查询,所以当用户填写表单时,它会将内容插入数据库。但是,我正在尝试这样做,以便我可以删除/阻止插入链接(URL)。
我正在尝试这个,但我是 MySQL 的新手,无法让它工作,我不确定我做得对,如果有人能提供帮助,我将不胜感激。
提前致谢,
<?php ob_start(); ?>
<?php
// check if the review form has been sent
if(isset($_POST['review_content']))
if(isset($_POST['review_recipient']))
{
$content = $_POST['review_content'];
$review_recipient = $_POST['review_recipient'];
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$content = stripslashes($content);
$review_recipient = stripslashes($review_recipient);
}
//We check if all the fields are filled
if($_POST['review_content']!='')
if($_POST['review_recipient']!='')
{
{
$forbidden = array('<[\w.]+@[\w.]+>', '<\w{3,6}:(?:(?://)|(?:\\\\))[^\s]+>', '#<.*?>([^>]*)</a>#i');
$matches = array('****', '****', '****');
$post = preg_replace($forbidden, $matches, $post);
$sql = "INSERT INTO ptb_reviews (id, from_user_id, from_guest, to_user_id, content) VALUES (NULL, '-1', '".$review_recipient."', '".$profile_id."', '".$content."');";
mysql_query($sql, $connection);
$_SESSION['message']="<div class=\"infobox-wallpost\"><strong>Thank You</strong> - Your review has been sent and is awaiting approval.</div><div class=\"infobox-close4\"></div>";
header("Location: {$_SERVER['HTTP_REFERER']}");
} } } } } ?>
更新:
好的,所以我正在尝试这样做,但它仍然允许显示 url
<?php ob_start(); ?>
<?php
// check if the review form has been sent
if(isset($_POST['review_content']))
if(isset($_POST['review_recipient']))
{
$content = $_POST['review_content'];
$review_recipient = $_POST['review_recipient'];
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$content = stripslashes($content);
$review_recipient = stripslashes($review_recipient);
$regex = "/(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w\.-]*)*\/?/";
$replacement = "[blocked url]";
$review_recipient = reg_replace($regex,$replacement,$_POST['review_recipient']);
$profile_id = intval($_POST['profile_id ']); //dont know how you get this
$content = reg_replace($regex,$replacement,$_POST['review_content']);
}
//We check if all the fields are filled
if($_POST['review_content']!='')
if($_POST['review_recipient']!='')
{
{
$sql = "INSERT INTO ptb_reviews (id, from_user_id, from_guest, to_user_id, content) VALUES (NULL, '-1', '".$review_recipient."', '".$profile_id."', '".$content."');";
mysql_query($sql, $connection);
$_SESSION['message']="<div class=\"infobox-wallpost\"><strong>Thank You</strong> - Your review has been sent and is awaiting approval.</div><div class=\"infobox-close4\"></div>";
header("Location: {$_SERVER['HTTP_REFERER']}");
} } } } } ?>