Home/ Questions/Q 3490642
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T11:32:28+00:00

I’m trying to work out how to go about checking a text area to

  • 0

I’m trying to work out how to go about checking a text area to see if it contains a certain phrase.

I believe I could maybe use .indexOf?

It’s just I have a validation script to check the contents of a contact form. Lately I have been receiving a fair bit of spam through. I have noticed that all these spam messages contain the phrase [url= and I thought, if I could perhaps add a small script to check if the text area contained such a phrase and, if so, stop the message being sent.

At present I have this simple snippet of javascript to check whether the text area is blank:

if (message.val()=='') {  
        message.addClass('highlight');
        message.focus();
        return false;  
    } else message.removeClass('highlight');

Any good ways to add something to check if the message field contains [url=

I also have a similar php validation script:

if (!$message) $errors[count($errors)] = 'Please click back and enter your message.';

Any ideas how I could add a similar validation script to check if message contains [url= in php too?

Any help would be greatly appreciated! :o)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It’s unlikely that you’ll stop spam by checking the contents of your textarea at the client side:- the spammer is more than likely POSTing directly to your server side script, so you’ll need to do your filtering there. Also checking for a particular pattern will only work until the pattern changes and then you’ll have to update your script.
    A common solution to this problem is the use of a One-Time Form Token.
    When you serve the form you generate a random string of characters and place that token in a hidden field in the form. You also store the token on the server in a session or in a database. When the form is submitted you match the stored and submitted tokens. This way you can be more sure that the form itself was filled in and submitted and that you aren’t receiving data from a bot.
    For extra security you can only allow each token to be used once only, guarding against multiple submissions.

    UPDATE
    A very simple, one page example

    <?php
session_start();

/**
 * Process the form if we have a token that we recognise
 * otherwise just present the form again, you probably want to handle this a bit better 
 */
if( isset( $_POST['token'] ) && isset( $_SESSION['token'] ) 
    && $_POST['token'] === $_SESSION['token'] ) {

    // no more submissions using this token
    unset( $_SESSION['token'] );

    $name    = clean( $_POST['name'] );
    $comment = clean( $_POST['comment'] );

    // process the input and redirect to a confirmation
    // just echoing data for example
    echo "$name said $comment";
    die();
} else {
    $token = uniqid();
    $_SESSION['token'] = $token;
}

/**
 * Stub function that cleans user input
 * @param String $str
 */
function clean( $str ) {
    return $str;
}
?>
<html>
  <head>
    <title>Form token example</title>
  </head>
  <body>
      <form method="post">
          <label>
               Name<br/>
               <input type="text" name="name"/>
          </label>
          <br/>
          <label>
              Comment<br/>
              <textarea name="comment"></textarea>
          </label>
          <br/>
          <label>
              <input type="submit"/>
          </label>
          <br/>
          <br/>
          The token field would normally be hidden, it's displayed here so that the user can change it for testing<br/>
          <input type="text" name="token" value="<?php echo $token ?>"/><br/>
      </form>
  </body>
</html>
    • 0