Filter Bad Words

Olá a todos, estou eu aqui mais uma vez importunando os membros do forum ^^, com minhas duvidas.

O meu problema é o seguinte, possuo uma pagina para mudança de nick, onde o usuario informa seu login, senha, e novo nick, para que ocorra a mudança.

Mas preciso inibir uma palavra, seja ela da forma que for escrita ( carro, CarRo, cArrO, CARRO ).

Ja tentei de tudo no meu anti-sql injection e nao consegui.

Meu script compelto é esse:

>

<html>

<head>

<meta http-equiv=Page-Exit content=blendTrans(Duration=1.0)>

<title>DarkBreak</title>

 

<style>

<!--

 .texto{

 font-family:Verdana;

 font-size:12px;

 color:#333333;

 }

 .formulario{

 font-family:Verdana;

 font-size:12px;

 color:#333333;

 font-weight:bold;

}

-->

</style>

</head>

<body onselectstart="return false" oncontextmenu="return false" topmargin="0" leftmargin="0" background="../imagens/fundo2.jpg">

 

<?PHP

include("config.php");

 ?>

 <?PHP include("config.php");

require_once "sql_inject.php";

$bDestroy_session = TRUE;

$url_redirect = 'index.php';

$sqlinject = new sql_inject('./log_file_sql.log',$bDestroy_session,$url_redirect) ;

require 'config.php';

?>

<script language="JavaScript">

 function blockError(){return true;}

 window.onerror = blockError;

 </script>

<script language=JavaScript>

 function disableselect(e) {

 return false

 }

 function reEnable() {

 return true

 }

 //if IE4+

 document.onselectstart=new Function ("return false")

 //if NS6

 if (window.sidebar) {

 document.onmousedown=disableselect

 document.onclick=reEnable

 }

 </script>

<script language=JavaScript>

<!--

function clickIE4(){

if (event.button==2){

alert(message);

return false;

}

}

 

function clickNS4(e){

if (document.layers||document.getElementById&&!document.all){

if (e.which==2||e.which==3){

alert(message);

return false;

}

}

}

 

if (document.layers){

document.captureEvents(Event.MOUSEDOWN);

document.onmousedown=clickNS4;

}

else if (document.all&&!document.getElementById){

document.onmousedown=clickIE4;

}

 

document.oncontextmenu=new Function("alert(message);return false")

// -->

<script language="JavaScript">

if (window != top) top.location.href = location.href;

</script>

<script language="JavaScript">

function click() {

if (event.button==2) {

}

}

document.onmousedown=click

</script>

 

</script>

<script language="JavaScript">

function click() {

if (event.button==2) {

}

}

document.onmousedown=click

</script>

 

 

<html>

<body>

 

<br>

<div align="center">

 <table width="367" border="0" cellspacing="0" cellpadding="0">

 <tr>

 <td height="21"><div align="center"><font face="Verdana"><strong><b><font color="#333333" size="1" face="Verdana">Mudar

 nome do Char</font></b></strong></font></div></td>

 </tr>

 <tr>

 <td><div align="center">

<br>

<?php

//Mu KóReia Files - www.mukoreia.net

//by louis

//www.muonlinebr.com .. www.virtualmu.com.br

$login = stripslashes($_POST['login']);

$id = stripslashes($_POST['id']);

$Character = stripslashes($_POST['character']);

$pwd = stripslashes($_POST['pwd']);

if ((eregi("[^a-zA-Z0-9_-]", $login)) || (eregi("[^a-zA-Z0-9_-]", $pwd)) || (eregi("[^a-zA-Z0-9_-]", $id)) || (eregi("[^a-zA-Z0-9_-]", $character)) )

{

	echo("Segurança ativada. Caracteres Invalidos!");

 exit();

	}

 

require 'config.php';

$msconnect=mssql_connect("$dbhost","$dbuser","$dbpasswd");

$msdb=mssql_select_db("MuOnline",$msconnect);

require_once "sql_inject.php";

include_once('sql_check.php');

check_inject();

if (empty($id))

{

 echo "<center><font color='#000000'>Campos em Branco. Volte e tente novamente.<br>";

	}

elseif (eregi("[^0-9]", $id))

{

echo "<center><font color='RED'>ID INVALIDO<br>";

}

else {

if ($id==1) {$GameID = GameID1;}

elseif ($id==2) {$GameID = GameID2;}

elseif ($id==3) {$GameID = GameID3;}

elseif ($id==4) {$GameID = GameID4;}

elseif ($id==5) {$GameID = GameID5;}

else {echo "<center><font color=#000000>Coloque um ID correto.";}

 

 

$VIP = "Select CtLcode FROM Character WHERE accountid='$login'";

$VIP2 = mssql_query( $VIP );

$VIP3 = mssql_fetch_row($VIP2);

 

$ON = "Select ConnectStat FROM MEMB_stat WHERE memb___id='$login'";

$ON2 = mssql_query( $ON );

$ON3 = mssql_fetch_row($ON2);

 

$bDestroy_session = TRUE;

$url_redirect = 'index.php';

$sqlinject = new sql_inject('./log_file_sql.log',$bDestroy_session,$url_redirect) ;

 

$sql_username_check = mssql_query("SELECT memb___id FROM MEMB_INFO WHERE memb___id='$login' AND memb__pwd='$pwd'");

$username_check = mssql_num_rows($sql_username_check);

 

$sql_name_check = mssql_query("Select Name FROM Character WHERE Name = '$Character'");

$name_check = mssql_num_rows($sql_name_check);

if (empty($login) || empty($pwd) || empty($id) || empty($character))

{

 echo "<center><font color='#000000'>Erro: Todos os campos estão em branco. Volte e tente novamente.<br>";

	}

elseif ($username_check <= 0)

{

 echo "<center><font color='#000000'>Erro: Seu login nao exite em nosso banco de dados ou a senha esta incorreta.<br>";

	}

elseif ($ON3[0] == 1){

echo "<center><font color='#000000'>Você está conectado no jogo. Saia e tente novamente!!!<br>"; }

elseif ($VIP3[0] == 25){

echo "<center><font color='#000000'>Voce esta banido, e nao pode mudar de nick.<br>"; }

elseif ($name_check > 0)

{

echo "<center><font color='#000000'>O nome que você escolheu ja exite, escolha outro!";

}

else

{

$sql_name_get = mssql_query("SELECT $GameID FROM AccountCharacter WHERE Id='$login'");

$name_get = mssql_fetch_row( $sql_name_get );

$query =

"

 Update dbo.Guild

	SET G_Master = '$Character' WHERE G_Master = '$name_get[0]'

	Update dbo.GuildMember

	SET Name = '$Character' WHERE Name = '$name_get[0]'

	Update dbo.OptionData

	SET Name = '$Character' WHERE Name = '$name_get[0]'

	Update dbo.AccountCharacter

	SET $GameID = '$Character' WHERE Id = '$login'

	Update dbo.Character

	SET Name = '$Character' WHERE AccountID = '$login' AND Name = '$name_get[0]'

	delete from guildmember where name='$name_get[0]'

	";

$sqlinject->test($query);

 

 

	$msresults= mssql_query($query);

	echo "<center><font color='#000000'>Char $name_get[0] Agora é $character.";

	}

}

?>

 <BR><BR> </div></td>

 </tr>

 <tr>

 </tr>

 </table>

</div>

 

</body>

</html>

 

<style>

<!--

 .texto{

 font-family:Verdana, Arial, Helvetica, sans-serif;

 font-size:10px;

 color:#333333;

 text-decoration:none;

 }

a.link {

 font-family:Verdana, Arial, Helvetica, sans-serif;

 font-size:10px;

 color:#666666;

 font-weight:bold;

 text-decoration:none;

}

a.link:active {

 font-family:Verdana, Arial, Helvetica, sans-serif;

 font-size:10px;

 color:#666666;

 font-weight:bold;

 text-decoration:none;

}

a.link:hover {

 font-family:Verdana, Arial, Helvetica, sans-serif;

 font-size:10px;

 color:#333333;

 font-weight:bold;

 text-decoration:none;

 }

a.link1 { font-family:Verdana, Arial, Helvetica, sans-serif;

 font-size:10px;

 color:#006600;

 font-weight:bold;

 text-decoration:none;

 }

input {

	background-color: #E2E2E2;

	border-color:#333333;

	border:thick;

	}

input:hover {

	background-color: #E2E2E2;

	border-color:#333333;

	border:thick;

}

body{

	scrollbar-face-color: #DEE3E7;

	scrollbar-highlight-color: #FFFFFF;

	scrollbar-shadow-color: #DEE3E7;

	scrollbar-3dlight-color: #D1D7DC;

	scrollbar-arrow-color: #006699;

	scrollbar-track-color: #EFEFEF;

	scrollbar-darkshadow-color: #98AAB1;

}

.style10 {color: #0000FF}

.style11 {color: #000000}

.style12 {color: #FF0000}

-->

</style>

Grato, Michel