I basically want to scan a load of comments for illegal words and then replace those illegal words with a clean version.
I have two arrays, one array has all the comments to check, the other array has all of the illegal words to look for.
The first for loop gets the comments, the nested for loop then scans the comments for each of the illegal words and replaces them. The thing is though - it doesn't actually seem to work. Could you please advise if it is a problem with my loop structure, or the actual update logic?
$numComments = count($commentsToCheck);
$numIllegalWords = count($illegalWords);
for($i = 0; $i <= $numComments; $i++)
{
$message = $commentsToCheck[$i]['message'];
$commentId = $commentsToCheck[$i]['id'];
//error_log($message.'-'.$commentId);
for($j = 0; $j <= $numIllegalWords; $j++)
{
//Get word to replace with
$word = $illegalWords[$j]['word'];
//error_log($word);
$length = strlen($word);
$first = substr($word,0);
$last = substr($word,-1);
$starLength = $length - 2;
$replacement = $first.str_repeat('*',$starLength).$last;
$newMessage = preg_replace('/\b'.$word.'\b/i', $replacement, $message);
//Update the comment
$sql = "UPDATE ow_base_comment SET message = $newMessage WHERE id = $commentId LIMIT 1";
OW::getDbo()->query($sql);
}
}
Shouldnt your query not be what I placed below, since it wont see now the actual variables in the query. It will technincally just update nothing, cause there is no actual variable set.
$sql = "UPDATE ow_base_comment SET message = '".$newMessage."' WHERE id = '".$commentId."' LIMIT 1";
It's a common error to forget the quotes within PHP.
Related
I need to update tags column so each cell has the content like this:
2-5-1-14-5
or
3-9-14-19-23
or simmilar (five integers, in range from 1-25).
id column is not consecutive from 1-117, but anyway min id is 1 and max 117.
$arr = [];
$str = '';
$id = 1;
for ($x = 1; $x <= 25; $x++){
array_push($arr, $x);
}
while ($id < 117) {
shuffle($arr);
array_splice($arr, 5, 25);
foreach ($arr as $el){
$str .= $el . '-';
}
$str = rtrim($str,'-');
$db->query("update posts set tags = '" . $str . "' where id = " . $id);
$id += 1;
}
I'm not sure how to describe the final result, but it seems that the majority of cells are written multiple times.
Any help ?
To combine my comments into one piece of code:
$full = range(1, 25);
$id = 1;
while ($id < 117) {
shuffle($full);
$section = array_slice($full, 0, 5);
$str = implode('-',$section);
$db->query("update posts set tags = '" . $str . "' where id = " . $id);
$id += 1;
}
So the reset of $str is not needed anymore since I have inserted the implode() where it seems functional. The other bits of code could probably be improved.
Two warnings:
Using PHP variables directly in queries is not a good idea. Please use parameter binding. This particular piece of code might not be vulnerable to SQL-injection but if you do the same elsewhere it might be.
Your database doesn't seem to be normalized. This might cause trouble for you in the long run when you expand your application.
I am trying the use refine tools for a search on my website. The bit i'm stuck with is search by start letter. For example i could use a wildcard '%X%' but his would return anything that contained the letter 'x'.
I read on few sites that SUBSTRING can be used in mysql queries
http://dev.mysql.com/
http://www.kirupa.com/
https://stackoverflow.com/questions/6302027
This is what I have so far but returns nothing. There is data in the database that should return with the query.
public function refineUsersFollowers($user_id,$q){
if($this->databaseConnection()){
// get the users followers
$state = array(1,2);
$stmt = $this->db_connection->prepare("SELECT * FROM friends WHERE id_2 = :1 AND Friend_Request_State = :2 OR id_2 = :3 AND Friend_Request_State = :4");
$stmt->bindParam(':1', $user_id);
$stmt->bindParam(':2', $state[0]);
$stmt->bindParam(':3', $user_id);
$stmt->bindParam(':4', $state[1]);
$stmt->execute();
// format the SQL OR statements
$sql = '';
$ids = [];
while($rows = $stmt->fetch(\PDO::FETCH_ASSOC)){
array_push($ids,$rows['id_1']);
}
for($x = 0; $x < count($ids); $x++){
if(count($ids) == 1){
//if there is one result
$sql.= ' user_id = :'.$x." AND SUBSTRING('first_name',0,1) = :".$x.$x;
}else if($x == (count($ids) - 1)){
// last entry
$sql.= ' user_id = :'.$x." AND SUBSTRING('first_name',0,1) = :".$x.$x;
}else{
//continue loop
$sql.= ' user_id = :'.$x." AND SUBSTRING('first_name',0,1) = :".$x.$x." OR";
}
}
$stmt = $this->db_connection->prepare("SELECT * FROM account WHERE ".$sql);
for($x = 0; $x < count($ids); $x++){
$stmt->bindParam(':'.$x,$ids[$x]);
$insert = $x.$x.'';
$stmt->bindParam(':'.$insert,$q);
}
$stmt->execute();
$results = $stmt->fetch(\PDO::FETCH_ASSOC);
print_r($results);
// check for followers that start with letter
}
}
The first part of the function is fine, this gets an array of id's which is then placed together as an SQL string. Is the SQL not returning results because SUBSTRING is not supported in this way?
If so is there a way of producing a query like this or would it be easier to pull every result from the database then check them in a different function?
You have two issues with this expression:
SUBSTRING('first_name', 0, 1) = :".$x.$x;
First, substr() in SQL (in general) starts counting with 1 and not 0. So, the first argument should be 1.
Second, you have the first argument in single quotes. So, at best, this would return the letter 'f'. Here is a simple rule: Only use single quotes for string and date constants. Never use single quotes to refer to column names.
There are several way to write what you want. Here are three:
SUBSTRING(first_name, 1, 1) = $x
LEFT(first_name, 1) = $x
first_name like '$x%'
You query can be greatly simplified with the LIKE operator. This:
"AND SUBSTRING('first_name',0,1) = :".$x.$x;
can become this:
"AND first_name LIKE '".$x.$x."%'";
I'm not sure what the $x.$x is for, so I just left it in for illustrative purposes.
Please help me solve this problem:
if($_POST["keyword"]) {
$keyword = $_POST["keyword"];
$keyword = trim($keyword);
$keyword_array = explode(" ",$keyword);
$numberofwords = (integer)count($keyword_array);
require("server.php");
$link = open_koneksi();
$tbl_name = "author";
$query = "SELECT COUNT(*) as num FROM $tbl_name WHERE " ;
for ($x = 0; $x<= $numberofwords; $x++) {
$query .= "author LIKE '%$keyword_array[$x]%'";
if ( $x < $numberofwords ) {
$query .= " AND ";
}
}
echo("<SCRIPT>document.location.href='?p=result';</SCRIPT>");
}
If the code in the program segment is executed, there will be a warning as follows:
Notice: Undefined offset: 1 in C:\xampp\htdocs\bijang\result.php on line 111
Location of faults refer to this code:
$query .= "author LIKE '%$keyword_array[$x]%'";
How do I fix this?
Your problem is probably this:
for ($x = 0; $x<= $numberofwords; $x++) {
##
You are counting indexes 0 till 1, because the previous count() gave you 1. But that's the total number of indexes, the last index is still 0.
Change it into:
for ($x = 0; $x < $numberofwords; $x++) {
#
Better yet, just use an foreach:
foreach ($keyword_array as $x => $kw) {
That counts the indexes in $x implicitly.
You probably still have to change your last entry detection for the AND fillers. (Commonly you first make an array of substrings, then implode() with the filler " AND ".)
YadaYada: Also take care about unfiltered input. Use the database escaping function for text strings. It's heaps easier to use PDO and prepared statements though.
Cause the $keyword_array array don't have the $x key.
turns out, to overcome, just one word:
error_reporting(0);
the question, whether the notice was included as part of the error?
If i've database my_table (id,word) as following
and i've some posted text called $name then i want to know if $name have any word like words i've stored in my database my_table (id,word)
so i'm using this code
$name = "Hello lovely world"; // no bad words
$sql = "SELECT * FROM my_table";
$result = mysql_query($sql);
$commentArray = explode(" ", $name);
$counter = count($commentArray);
$check = 0;
while ($row = mysql_fetch_assoc($result)) {
for ($i == 0; $i < $counter; $i++) {
if (strcasecmp($commentArray[$i], $row['word'])) {
$check = 1;
}
}
}
if ($check == 1) {
echo "banned";
exit;
}
else {
echo "passed";
}
however it always results in echo "banned"; even if i $name is clear of any bad words i've stored in my_table so there might be something wrong here !
anyhelp
strcasecmp returns 0 when it matches (PHP manual), so you should edit your code:
if (strcasecmp($commentArray[$i], $row['word']) == 0)
Furthermore, you have a syntax error in your for loop. It should be for ($i = 0; ...
You have a syntax error.
for ($i = 0...
And not
for ($i == 0...
Also, you should indent your code properly, it looks better and it'll help you later on.
The thing is strcasecmp returns 0 if the strings are equal. You ought to change it to if (strcasecmp($var1, $var2) == 0).
As a starting point, I'd suggest storing only lowercased words in the table, lowercasing the input text first, and then replacing the whole strcasecmp loop with an in_array($row['word'], $commentArray);. And break; after the first match.
But this entire approach doesn't scale - you're selecting all the entries in the table. If your table grows beyond a certain size, that will be a serious bottleneck and you'll need to look into matching on the DB side.
Hey does anyone know a reason why this is not working? its not calculating any of the additions and just entering 0 into the database. Any help would be great, thank you!.
$member_id = //users member id in database//
$track = //the track results being updated//
$engine = //the engine id from the members table in database//
$engine_points_system = array();
$engine_points_system["qualpos1"] = 30;
$engine_points_system["qualpos2"] = 20;
$engine_points_system["qualpos3"] = 18;
$engine_points_system["qualpos4"] = 17;
$engine_points_system["qualpos5"] = 16;
$enginepoints = 0;
$qualifyingpoints = 0;
$results_query = mysql_query("SELECT pos_1, pos_2, pos_3, pos_4, pos_5
from engine_qualifying_results WHERE track_id = '$track'")
or die ("Failed to update" . mysql_error());
$row = mysql_fetch_array($results_query);
$enginequalifying = array();
for ($i = 1; $i <= 5; $i++) {
$enginequalifying["pos$i"] = $row['pos_$i'];
}
for($i = 1; $i <=5; $i++) {
if($engine == $enginequalifying["pos$i"]){
$enginepoints += $engine_points_system["qualpos$i"];
$qualifyingpoints += $engine_points_system["qualpos$i"];
}
}
$results_query = mysql_query("INSERT INTO member_results (member_id, engine_points)
VALUES ('$member_id', $enginepoints')")
or die ("Failed to update" . mysql_error());
$enginequalifying["pos$i"] = $row['pos_$i'];
In this line you have 'pos_$i'. This is the literal string 'pos_$i'. You should use "pos_$i" instead.
$enginequalifying["pos$i"] = $row["pos_$i"];
UPDATE:
In your code $enginequalifying is redundant, and not needed. You can just use $row in its place.
for($i = 1; $i <=5; $i++){
if($engine == $row["pos_$i"]){
$enginepoints += $engine_points_system["qualpos$i"];
$qualifyingpoints += $engine_points_system["qualpos$i"];
}
}
Also, as #ax. points out, you have an extra ' (or a missing ') in your INSERT.
$results_query = mysql_query("INSERT INTO member_results (member_id, engine_points)
VALUES ('$member_id', '$enginepoints')")
or die ("Failed to update" . mysql_error());
Look at this code:
<?php
$i = 5;
print "i is $i";
print "\n";
print 'i is $i';
?>
You'd expect it to print:
i is 5
i is 5
But instead, it will print:
i is 5
i is $i
This happens because when the string is wrapped in single quotes, $i is not evaluated. It is just the string $i.
To fix the code, try replacing this line:
$enginequalifying["pos$i"] = $row['pos_$i'];
With this line:
$enginequalifying["pos$i"] = $row["pos_$i"];
Quotes make a difference.
And by the way, ESCAPE YOUR SQL!!!. Please?
Not an answer, but too ugly to put into a comment: You could bypass the entire loop to build the enginequalifying array by simply doing:
SELECT pos_1 AS pos1, pos_2 AS pos2, etc...
for your query, then simply having:
$enginequalifying = mysql_fetch_assoc($result);
It's a waste of CPU cycles to have PHP fetch/rename database fields for you when a simple as alias in the original query string can accomplish the exact same thing.
And incidentally, this will also remove the string-quoting error you've got that Rocket pointed out in his answer.
I dont think it is possible to say without knowing what you have in your database.
But I can tell you that you have a syntax error in the last SQL query ($enginepoints ends with a quote).