阻止攻击性的词，阻止链接等在mysql插入查询

我正在运行一个mysql插入查询，这个想法是用户可以提交评论到用户配置文件，但我想知道是否有一种方法我可以阻止攻击性的话，链接和防止人们用博客链接等垃圾邮件的方式。

我会使用PHP if语句来忽略这些关键字;"f*ck"等，我觉得这样做的唯一问题是我必须在忽略语句中覆盖每个单词，

或者我是否会在mysql中包含一些东西，无论哪种方式，我都想阻止所有链接插入到表单中，

有人能给我一些指导，告诉我如何做到这一点，请谢谢

html:

<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<textarea name="review_recipient" id="review_recipient" maxlength="180" cols="33" rows="5" style=""></textarea><label style="">Who is the Review from?</label>
<br/>
<textarea name="review_content" id="review_content" maxlength="180" cols="33" rows="5" style=""></textarea>
<label style="">Say Something...</label>
<input name="add_review" type="image" src="http://www.playtimeboys.com/assets/img/icons/save-edit.png" BORDER="0" ALT="SUBMIT!"class="review_submit4" /></form> 

php/mysql:

<?php ob_start(); ?>
     <?php 
    // check if the review form has been sent
    if(isset($_POST['review_content']))
    {
        $content = $_POST['review_content'];
            //We remove slashes depending on the configuration
            if(get_magic_quotes_gpc())
            {
                    $content = stripslashes($content);
            }
            //We check if all the fields are filled
            if($_POST['review_content']!='')
            {

                {
                $sql = "INSERT INTO ptb_reviews (id, from_user_id, to_user_id, content) VALUES (NULL, '".$_SESSION['user_id']."', '".$profile_id."', '".$content."');";
                mysql_query($sql, $connection);
                $_SESSION['message']="<div class='"infobox-wallpost'"><strong>Thank You</strong> - Your review has been sent and is awaiting approval.</div><div class='"infobox-close4'"></div>"; 
    header("Location: {$_SERVER['HTTP_REFERER']}");
    } } } } ?>

$blocked_words="test1,test2,test3,test4";//list of offensive word
$review_from_user ="Your reviews test2 is following hello test1"; //review from user 

$blocked_words_expo = explode(",", $blocked_words);  
foreach($blocked_words_expo as $rmv)
{
    if(strpos($review_from_user,$rmv)==true)
    {
        $review_from_user = str_replace($rmv,'',$review_from_user); 
    }
}
echo $review_from_user;
//and then insert $review_from_user

$blocked_words=array();
$q="select words from block";
$rs=mysql_query($q);
while($rd=mysql_fetch_object($rs))
{
$blocked_words[]=$rd->words;
}
$string_words=explode(" ", $_POST['review_content']);  
$result = array_intersect($blocked_words, $string_words);