What are the potential pitfalls of using the strpos function to check for bad words in a message?

Using the strpos function to check for bad words in a message may not be effective as it only checks for the presence of a substring, not the entire word. This can lead to false positives if a legitimate word contains a banned word as a substring. To solve this issue, you can use the preg_match function with word boundaries to ensure that the entire word is matched.

$message = &quot;This is a message with a bad word like crap in it.&quot;;
$bad_words = array(&quot;crap&quot;, &quot;badword&quot;, &quot;offensive&quot;);

foreach ($bad_words as $bad_word) {
    if (preg_match(&quot;/\b$bad_word\b/i&quot;, $message)) {
        echo &quot;Message contains a bad word: $bad_word&quot;;
        break;
    }
}

Keywords

strpos bad words message validation security

What are the potential pitfalls of using the strpos function to check for bad words in a message?

Keywords

Related Questions