Misunderstanding of strpos function in php

Modify theme comments-ajax.php files

In the comments-ajax.php file under the topic directory, around 60 rows (fields such as $ _ POST ['author'] in the user submitted comment form were just obtained ). Then add the following code to the file:

The code is as follows:

Copy code

/* * @ Author: vfhky September 21, 2013 * @ Variable string $ word: The keyword in the blacklist. You can increase or decrease the number as needed. * @ Variable string $ comment_author: The $ _ POST ['author'] field value submitted by the user, indicating the nickname * @ Variable string $ comment_content: The $ _ POST ['comment'] field value submitted by the user, indicating the comment content. **/ $ Words = "com, cn, info, net, www, http, cc, host, proxy, mobile, electricity, country, port, server, medical, fat, medicine, agricultural, credit, loan, daily, profit, net, ticket, domain, sales, yellow, company, enterprise, machine, rent, person, money, set, purchase, broadcast "; $ Word = explode (',', $ words ); $ Num = count ($ word ); For ($ I = 0; $ I <$ num; $ I ++ ){ If (strpos ($ comment_author, $ word [$ I], 0) | strpos ($ comment_content, $ word [$ I], 0 )){ Err (_ ('The ad is required to be deleted. Thank you for your understanding! ')); Break;     }     }

4 Postscript

Through the simple code above, we have submitted the verification of the keyword in the blacklist for the user nickname and comment content of the comment input. Once any of the above words are matched, such as www, the user will be prompted to "the advertisement will be deleted. Thank you for your understanding !", The effect is shown in the following figure. In this way, it is an insurance for the blog, enhancing the immunity of wordpress anti-spam comments, and implementing the non-plug-in method!

The above seems okay, but in the morning @ bad kids shoes, an evil test found a BUG in the code of the previous article. When I came back from work in the evening, I carefully read the code and found that I had a one-sided understanding of the strpos function. So I made a note to Mark it.

2. strpos function prototype

I believe everyone is familiar with strpos functions and can often see them in string processing. The strpos function is prototype:

/*
* @ Para string $ source: search for this string [*]
* @ Para mixed $ target: the string to be searched. If it is not a string, it is converted to an integer and considered as the sequential value of the character [*]
* @ Para int $ offset: the start position of the query.
* @ Return int/boolean: returns the position where the first occurrence is successful; returns FALSE if the first occurrence is failed.
**/
Int strpos (string $ source, mixed $ target [, int $ offset = 0]);
    

3 simple strpos function test

After understanding the prototype of the strpos function, let's take a look at a simple test code.

  

The code is as follows:

Copy code

/* * @ Author: vfhky September 21, 2013 * @ Description: directly click the key using two different test variables $ test_1 and $ test_2. **/ <? Php $ Words = "com, cn, info, net, www, http, cc, host, proxy, mobile, electricity, country, port, Day, purchase "; $ Word = explode (',', $ words ); $ Num = count ($ word ); $ Test_1 = "purchase TT "; For ($ I = 0; $ I <$ num; $ I ++ ){ If (strpos ($ test_1, $ word [$ I], 0 )){ Echo: The advertisement is required. Thank you for your understanding! '; Break;     }     } Echo "<br/> ---------- This is $ test_1 END ---------- <br/> ";      $ Test_2 = "bad and bad purchase TT "; For ($ I = 0; $ I <$ num; $ I ++ ){ If (strpos ($ test_2, $ word [$ I], 0 )){ Echo: The advertisement is required. Thank you for your understanding! '; Break;     }     } Echo "<br/> ---------- This is $ test_2 END ---------- <br/> "; ?>

The test results are shown in the following figure:

Discuss wordpress anti-spam comments again: it is a fault caused by strpos functions

4 strpos function test result analysis

The above code contains two different test variables $ test_1 and $ test_2, both of which contain the keywords in the blacklist: buy. However, the test results shown in the figure show that the $ test_1 variable is not effectively blocked, while the variable $ test_2 is prompted to contain ad words. The secret lies in the location where the word "buy" appears in the variables $ test_1 and $ test_2! When the keyword "buy" appears at the beginning ($ test_1), the execution result of the strpos ($ test_1, $ word [$ I], 0) function is 0, because the word "purchase" is at the top of the string "purchase TT. The if statement in the for loop is changed to if (0) {}, so it is not considered as spam comments, which causes a BUG. The following describes how to use the strpos function and the PHP regular expression to implement the "wordpress keyword blacklist: anti-spam comments and then upgrade ".
5.1 correct use of the strpos function to correct bugs

The code is as follows:

Copy code

/* * @ Author: vfhky September 24, 2013 * @ Description: Use the strpos function correctly to solve the BUG in the code of the previous article.     **/ $ Words = "com, cn, info, net, www, http, cc, host, proxy, mobile, electricity, country, port, server, medical, fat, medicine, agricultural, credit, credit, daily, purchase, broadcast "; $ Word = explode (',', $ words ); $ Num = count ($ word ); For ($ I = 0; $ I <$ num; $ I ++ ){ If (strpos ($ comment_author, $ word [$ I], 0 )! = False) | (strpos ($ comment_content, $ word [$ I], 0 )! = False )){ Err (_ ('The ad is required to be deleted. Thank you for your understanding! ')); Break;     }     }

5.2 use PHP regular expressions to correct bugs

   

The code is as follows:

Copy code

/* * @ Author: vfhky September 24, 2013 * @ Description: Use the PHP regular expression to correct the BUG and implement "wordpress keyword blacklist: anti-spam comments (non-plug-ins )"    **/ $ Words = "com, cn, info, net, www, http, cc, host, proxy, mobile, electricity, country, port, server, medical, fat, medicine, agricultural, credit, credit, daily, purchase, broadcast "; $ Word = explode (',', $ words ); $ Num = count ($ word ); For ($ I = 0; $ I <$ num; $ I ++ ){ If (preg_match ("/$ word [$ I]/I", $ comment_author) | preg_match ("/$ word [$ I]/I", $ comment_content )){ Err (_ ('The ad is required to be deleted. Thank you for your understanding! ')); Break;     }     }

6 Important notes for strpos functions

Note that the strpos function may return a Boolean value of FALSE, but may also return a non-Boolean value equivalent to FALSE.
For example, return integer 0, floating point value 0.0, empty string, string "0", excluding arrays of any elements, objects of any member variables, special types of NULL, and so on.
Therefore, use the constant operator "=" that checks the type of the returned value to test the return value of this function, rather than using the simple equal sign "=.

7 Update

With the reminder of @ Galaxy Emperor, arrays can be used to replace strings, and the execution efficiency should be similar.
7.1 use strpos functions + arrays to fix bugs

The code is as follows:

Copy code

$ Words = array ("com", "cn", "info", "net", "www", "http", "cc", "host ", "Agent", "mobile", "electricity", "country", "Port", "purchase "); $ Num = count ($ words ); For ($ I = 0; $ I <$ num; $ I ++ ){ If (strpos ($ comment_author, $ words [$ I], 0 )! = False | strpos ($ comment_content, $ words [$ I], 0 )! = False ){ Err (_ ('The ad is required to be deleted. Thank you for your understanding! ')); Break;     }     }

7.2 Use Regular Expression + array to fix bugs

  

The code is as follows:

Copy code

$ Words = array ("com", "cn", "info", "net", "www", "http", "cc", "host ", "Agent", "mobile", "electricity", "country", "Port", "purchase "); $ Num = count ($ words ); For ($ I = 0; $ I <$ num; $ I ++ ){ If (preg_match ("/$ words [$ I]/I", $ comment_author) | preg_match ("/$ words [$ I]/I", $ comment_content )){ Err (_ ('The ad is required to be deleted. Thank you for your understanding! ')); Break;     }     }