Use strpos(string haystack, string needle) - it returns (int) the offset at which needle was found in haystack, or FALSE if it wasn't found.
strpos() is case sensitive. stripos() is the case-insensitive version.
Here's some code:
if ( FALSE !== stripos( $variable, 'http://' ) ) {
// for example, to just quit the script and output an error message:
die("Sorry, you can't have links in your message.")
}
// code if http:// isn't found - make sure the if block above terminates the script / returns the function so that this isn't reached if it is found
I used !==, which is a STRICT comparison, because stripos() can return either 0 (an integer) or FALSE (a boolean). IF you use !=, and if $variable starts with "http://", then the IF block will get skipped, which isn't what you want.
Strict equals is ===, if you ever need that, too.
EDIT: Also, bear in mind that someone can also post a URL as the domain only - e.g. www.myspamsite.com or myspamsite.com. It's not as straightforward to filter - you could use a regex like
if ( preg_match('/http: \/\/|(www\.)? [a-z0-9\-] \.(com|net|org|ca| co\.uk|cn|tk)/', $variable) {
// if there is a URL or domain in the message
die('Sorry, you can\'t use links in your message.');
}
// if there isn't a URL or domain
*** Note: Take out ALL the spaces in the first argument of preg_match(). Yahoo Answers shortens it otherwise, so I had to put in the extra spaces to stop it doing that.
This would catch http://anything, www.mybadsite.com and mybadsite.com. For the TLD, it catches com, net, org, ca, co.uk, cn and tk - you can add more by adding a vertical pipe between one.
Note: UNTESTED code. I tend to mess up regexes really easily.