How to prevent overflooding of database through form sub.

victor
Forum Commoner
Posts: 65
Joined: Fri Feb 13, 2004 1:36 am

Post by victor »

How can I prevent a malicious user from flooding my database through submission of dummy values in forms i.e. changing of values over i.e. 1000 times?

Any ideas would be greatly appreciated.

victor
rehfeld
Forum Regular
Posts: 741
Joined: Mon Oct 18, 2004 8:14 pm

Post by rehfeld »

you could use cookies/sessions

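Code:

<?php
session_start();

// Placeholder check: replace with your own validation of the submitted form.
$form_is_acceptable = ($_SERVER['REQUEST_METHOD'] === 'POST');

if ($form_is_acceptable) {
    if (empty($_SESSION['submitted_form'])) {
        // add to db, then remember that this session has already submitted
        $_SESSION['submitted_form'] = true;
    } else {
        echo 'you already submitted once';
    }
}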

yes, they can just clear their cookies, or disable them and go hog wild still, and a frequent spammer probably is keen to this.

to take it a step further, you could keep a list of IP addresses and their corresponding browser user agents, and what time they submitted a post.
check if their IP address AND user_agent have been used to submit a post in the last 30 min or so, if it has, deny them. i would only deny them if the IP AND user_agent were used for a single post, otherwise, you'll be denying some innocent users :)

you can still get around that, but it's much more difficult and will probably discourage all but the most persistent spammers.
victor
Forum Commoner
Posts: 65
Joined: Fri Feb 13, 2004 1:36 am

Post by victor »

2 questions:

1. I suppose I need to have 2 additional columns in the DB table in order to capture the concatenated value of (user's_IP+user_agent) and time of POST? Or can I use $_SESSION['user's_IP+user_agent'] and make it last for 30 mins even if the client ended the session?

2. How can I access user's IP and user_agent, do you need special permission in accessing remote server's log? I'm hosting my web site with a remote hosting company.
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

Code:

<?php

echo '<pre>';
print_r($_SERVER);
echo '</pre>';

?>

you will find that most useful for getting the user's information
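
The IP + user agent + timestamp check that rehfeld describes, sketched as an added example that is not part of any post in this thread. The post_log table, the function names and the sample values are assumptions; REMOTE_ADDR and HTTP_USER_AGENT are the $_SERVER keys that the print_r($_SERVER) dump lists, and an in-memory SQLite database stands in for the real one.

```php
<?php
const THROTTLE_WINDOW = 1800; // 30 minutes, the window suggested in the thread

function init_post_log(PDO $db): void {
    // Hypothetical table: one row per accepted post.
    $db->exec('CREATE TABLE IF NOT EXISTS post_log (
        client_hash TEXT NOT NULL,
        posted_at   INTEGER NOT NULL)');
    $db->exec('CREATE INDEX IF NOT EXISTS post_log_idx ON post_log (client_hash, posted_at)');
}

// Hash IP + user agent: fixed-length key, and the client-controlled
// User-Agent header is never stored raw.
function client_key(array $server): string {
    $ip = $server['REMOTE_ADDR'] ?? '';
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    return hash('sha256', $ip . "\0" . $ua);
}

// Records the post and returns true, or returns false when the same
// IP AND user agent already posted inside the window.
function try_record_post(PDO $db, array $server, int $now): bool {
    $key    = client_key($server);
    $cutoff = $now - THROTTLE_WINDOW;
    $db->beginTransaction();
    $seen = $db->prepare(
        'SELECT COUNT(*) FROM post_log WHERE client_hash = ? AND posted_at > ?');
    $seen->execute([$key, $cutoff]);
    $allowed = ((int) $seen->fetchColumn() === 0);
    if ($allowed) {
        $db->prepare('INSERT INTO post_log (client_hash, posted_at) VALUES (?, ?)')
           ->execute([$key, $now]);
    }
    // Prune expired rows so the throttle table only holds the current window.
    $db->prepare('DELETE FROM post_log WHERE posted_at <= ?')->execute([$cutoff]);
    $db->commit();
    return $allowed;
}

// Constructed demo data (documentation IP range, made-up user agents).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
init_post_log($db);
$a = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_USER_AGENT' => 'ExampleBrowser/1.0'];
$b = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_USER_AGENT' => 'OtherBrowser/2.0'];
var_dump(try_record_post($db, $a, 1000000)); // first post from this client
var_dump(try_record_post($db, $a, 1000060)); // same IP and agent, one minute later
var_dump(try_record_post($db, $b, 1000060)); // same IP, different agent
var_dump(try_record_post($db, $a, 1001801)); // same client after the window
```

Because the log lives in the database rather than in $_SESSION, the 30-minute window survives cleared cookies and ended sessions. Behind a reverse proxy REMOTE_ADDR is the proxy's address, so every visitor would share one IP in the key.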