When we accept input from users that we plan to display on our web site, we can't always be sure that what the user inputs is acceptable content. It becomes necessary to filter the data, for instance to try and ensure that foul language is not displayed on our web site where others can see it.
The 'str_replace()' function is a perfect match for this situation. It allows you to search in a string for any substring and replace it with any string you provide. All the parameters for the 'str_replace()' function can be a string, or an array. This allows added flexibility in that we can provide multiple substrings to search for at one time. Let's take a look at how we can incorporate data filtering.
<?php $text = "I am a badword and will be replaced.<br /> More bwrds are in this bdlywrded sentence";
I am a !@#$% and will be replaced. More !@#$% are in this !@#$%ed sentence
All the words specified in the '$badwords' array have been replaced with !@#$%.
If the third parameter, the subject of the operation, is an array, then each element of the array will have replacements made to it.
There are drawbacks to this approach worth mentioning however. The substr_replace()' function does not worry about whether the substring is an entire word or not. Because of this if a word in the '$badwords' array is a part of another word, the filtering will take place in the middle of the other word. One way to combat this side effect is to add a space before each word in the '$badwords' array. This will solve one problem but add another. The code will no longer catch bad words that start the string or come immediately before punctuation.
Regular expressions provide a more complete solution at the cost of speed. The string functions covered in this tutorial are much faster than regular expressions.