Even with a strong Captcha system in place, you will still find users trying to manually spam your web site. They tend to be people who discover your site through a very specific search engine query, for which they would like their own site to also rank well, and they hope that by adding a link back to their site from yours this will happen. Using this recipe, you can specify a set of keywords that will trigger spam detection, and then use the level of spam certainty returned by the function to decide whether to ignore a user post. https://www.chat-to.dev/post?id=11 #php #programming
Why would you trust any user input to begin with? If a person can spam links, there are bigger problems on the site. I would immediately start trying any and all forms of html and script injection if I saw that problem. The data is probably going back to a database anyway, so that is probably vulnerable as well.
Comparing against a short word list is also a lost cause. The input needs to be fully sanitized before it even gets shown.
I applaud the effort to teach, but there are more conceptual issues that need to be addressed first.