Title: check_comment
Published: April 25, 2014
Last modified: April 28, 2025

---

# check_comment( string $author, string $email, string $url, string $comment, string $user_ip, string $user_agent, string $comment_type ): bool

## In this article

 * [Description](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#description)
 * [Parameters](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#parameters)
 * [Return](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#return)
 * [More Information](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#more-information)
 * [Source](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#source)
 * [Hooks](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#hooks)
 * [Related](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#related)
 * [Changelog](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#changelog)
 * [User Contributed Notes](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#user-contributed-notes)

[ Back to top](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#wp--skip-link--target)

Checks whether a comment passes internal checks to be allowed to add.

## 󠀁[Description](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#description)󠁿

If manual comment moderation is set in the administration, then all checks, regardless
of their type and substance, will fail and the function will return false.

If the number of links exceeds the amount in the administration, then the check 
fails. If any of the parameter contents contain any disallowed words, then the check
fails.

If the comment author was approved before, then the comment is automatically approved.

If all checks pass, the function will return true.

## 󠀁[Parameters](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#parameters)󠁿

 `$author`stringrequired

Comment author name.

`$email`stringrequired

Comment author email.

`$url`stringrequired

Comment author URL.

`$comment`stringrequired

Content of the comment.

`$user_ip`stringrequired

Comment author IP address.

`$user_agent`stringrequired

Comment author User-Agent.

`$comment_type`stringrequired

Comment type, either user-submitted comment, trackback, or pingback.

## 󠀁[Return](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#return)󠁿

 bool If all checks pass, true, otherwise false.

## 󠀁[More Information](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#more-information)󠁿

Returns `false` if in [Comment_Moderation](https://wordpress.org/support/article/comment-moderation/):

* The Administrator must approve all messages,
 * The number of external links is
too high, or * Any banned word, name, URL, e-mail, or IP is found in any parameter
except `$comment_type`.

Returns `true` if the Administrator does not have to approve all messages and:

* `$comment_type` parameter is a `[trackback](https://wordpress.org/support/article/glossary/#trackback)`
or `[pingback](https://wordpress.org/support/article/glossary/#pingback)` and part
of the `[blogroll](https://wordpress.org/support/article/glossary/#blogroll)`, or
*`
$author` and `$email` parameters have been approved previously.

Returns `true` in all other cases.

## 󠀁[Source](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#source)󠁿

    ```php
    function check_comment( $author, $email, $url, $comment, $user_ip, $user_agent, $comment_type ) {
    	global $wpdb;

    	// If manual moderation is enabled, skip all checks and return false.
    	if ( '1' === get_option( 'comment_moderation' ) ) {
    		return false;
    	}

    	/** This filter is documented in wp-includes/comment-template.php */
    	$comment = apply_filters( 'comment_text', $comment, null, array() );

    	// Check for the number of external links if a max allowed number is set.
    	$max_links = get_option( 'comment_max_links' );
    	if ( $max_links ) {
    		$num_links = preg_match_all( '/<a [^>]*href/i', $comment, $out );

    		/**
    		 * Filters the number of links found in a comment.
    		 *
    		 * @since 3.0.0
    		 * @since 4.7.0 Added the `$comment` parameter.
    		 *
    		 * @param int    $num_links The number of links found.
    		 * @param string $url       Comment author's URL. Included in allowed links total.
    		 * @param string $comment   Content of the comment.
    		 */
    		$num_links = apply_filters( 'comment_max_links_url', $num_links, $url, $comment );

    		/*
    		 * If the number of links in the comment exceeds the allowed amount,
    		 * fail the check by returning false.
    		 */
    		if ( $num_links >= $max_links ) {
    			return false;
    		}
    	}

    	$mod_keys = trim( get_option( 'moderation_keys' ) );

    	// If moderation 'keys' (keywords) are set, process them.
    	if ( ! empty( $mod_keys ) ) {
    		$words = explode( "\n", $mod_keys );

    		foreach ( (array) $words as $word ) {
    			$word = trim( $word );

    			// Skip empty lines.
    			if ( empty( $word ) ) {
    				continue;
    			}

    			/*
    			 * Do some escaping magic so that '#' (number of) characters in the spam
    			 * words don't break things:
    			 */
    			$word = preg_quote( $word, '#' );

    			/*
    			 * Check the comment fields for moderation keywords. If any are found,
    			 * fail the check for the given field by returning false.
    			 */
    			$pattern = "#$word#iu";
    			if ( preg_match( $pattern, $author ) ) {
    				return false;
    			}
    			if ( preg_match( $pattern, $email ) ) {
    				return false;
    			}
    			if ( preg_match( $pattern, $url ) ) {
    				return false;
    			}
    			if ( preg_match( $pattern, $comment ) ) {
    				return false;
    			}
    			if ( preg_match( $pattern, $user_ip ) ) {
    				return false;
    			}
    			if ( preg_match( $pattern, $user_agent ) ) {
    				return false;
    			}
    		}
    	}

    	/*
    	 * Check if the option to approve comments by previously-approved authors is enabled.
    	 *
    	 * If it is enabled, check whether the comment author has a previously-approved comment,
    	 * as well as whether there are any moderation keywords (if set) present in the author
    	 * email address. If both checks pass, return true. Otherwise, return false.
    	 */
    	if ( '1' === get_option( 'comment_previously_approved' ) ) {
    		if ( 'trackback' !== $comment_type && 'pingback' !== $comment_type && '' !== $author && '' !== $email ) {
    			$comment_user = get_user_by( 'email', wp_unslash( $email ) );
    			if ( ! empty( $comment_user->ID ) ) {
    				$ok_to_comment = $wpdb->get_var(
    					$wpdb->prepare(
    						"SELECT comment_approved
    						FROM $wpdb->comments
    						WHERE user_id = %d
    						AND comment_approved = '1'
    						LIMIT 1",
    						$comment_user->ID
    					)
    				);
    			} else {
    				// expected_slashed ($author, $email)
    				$ok_to_comment = $wpdb->get_var(
    					$wpdb->prepare(
    						"SELECT comment_approved
    						FROM $wpdb->comments
    						WHERE comment_author = %s
    						AND comment_author_email = %s
    						AND comment_approved = '1'
    						LIMIT 1",
    						$author,
    						$email
    					)
    				);
    			}

    			if ( '1' === $ok_to_comment && ( empty( $mod_keys ) || ! str_contains( $email, $mod_keys ) ) ) {
    				return true;
    			} else {
    				return false;
    			}
    		} else {
    			return false;
    		}
    	}
    	return true;
    }
    ```

[View all references](https://developer.wordpress.org/reference/files/wp-includes/comment.php/)
[View on Trac](https://core.trac.wordpress.org/browser/tags/6.9.4/src/wp-includes/comment.php#L39)
[View on GitHub](https://github.com/WordPress/wordpress-develop/blob/6.9.4/src/wp-includes/comment.php#L39-L169)

## 󠀁[Hooks](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#hooks)󠁿

 [apply_filters( ‘comment_max_links_url’, int $num_links, string $url, string $comment )](https://developer.wordpress.org/reference/hooks/comment_max_links_url/)

Filters the number of links found in a comment.

 [apply_filters( ‘comment_text’, string $comment_text, WP_Comment|null $comment, array $args )](https://developer.wordpress.org/reference/hooks/comment_text/)

Filters the text of a comment to be displayed.

## 󠀁[Related](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#related)󠁿

| Uses | Description | 
| [get_user_by()](https://developer.wordpress.org/reference/functions/get_user_by/)`wp-includes/pluggable.php` |

Retrieves user info by a given field.

  | 
| [wp_unslash()](https://developer.wordpress.org/reference/functions/wp_unslash/)`wp-includes/formatting.php` |

Removes slashes from a string or recursively removes slashes from strings within an array.

  | 
| [apply_filters()](https://developer.wordpress.org/reference/functions/apply_filters/)`wp-includes/plugin.php` |

Calls the callback functions that have been added to a filter hook.

  | 
| [get_option()](https://developer.wordpress.org/reference/functions/get_option/)`wp-includes/option.php` |

Retrieves an option value based on an option name.

  | 
| [wpdb::get_var()](https://developer.wordpress.org/reference/classes/wpdb/get_var/)`wp-includes/class-wpdb.php` |

Retrieves one value from the database.

  | 
| [wpdb::prepare()](https://developer.wordpress.org/reference/classes/wpdb/prepare/)`wp-includes/class-wpdb.php` |

Prepares a SQL query for safe execution.

  |

[Show 4 more](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#)
[Show less](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#)

| Used by | Description | 
| [wp_check_comment_data()](https://developer.wordpress.org/reference/functions/wp_check_comment_data/)`wp-includes/comment.php` |

Checks whether comment data passes internal checks or has disallowed content.

  |

## 󠀁[Changelog](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#changelog)󠁿

| Version | Description | 
| [1.2.0](https://developer.wordpress.org/reference/since/1.2.0/) | Introduced. |

## 󠀁[User Contributed Notes](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#user-contributed-notes)󠁿

 1.  [Skip to note 2 content](https://developer.wordpress.org/reference/functions/check_comment/?output_format=md#comment-content-1536)
 2.   [Codex](https://profiles.wordpress.org/codex/)  [  10 years ago  ](https://developer.wordpress.org/reference/functions/check_comment/#comment-1536)
 3. [You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fcheck_comment%2F%23comment-1536)
    Vote results for this note: 0[You must log in to vote on the helpfulness of this note](https://login.wordpress.org?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fcheck_comment%2F%23comment-1536)
 4. **Simple use case**
 5.     ```php
        $author = "John Charles Smith";
        $email = "jsmith@example.com";
        $url = "http://example.com&quot;;
        $comment = "Excellent...";
        $user_ip = "12.34.56.78";
        $user_agent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.79 Safari/535.11";
        $comment_type = "comment";
    
        if ( check_comment( $author, $email, $url, $comment, $user_ip, $user_agent, $comment_type ) ) {
        	echo "The Comment robot says: Thank you for your comment.";
        } else {
        	echo "The Comment robot says: This comment is NOT valid!";
        }
        ```
    
 6.  [Log in to add feedback](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fcheck_comment%2F%3Freplytocom%3D1536%23feedback-editor-1536)

You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fcheck_comment%2F)
before being able to contribute a note or feedback.