How to prevent overflooding of database through form sub.
Posted: Sun Nov 21, 2004 10:57 pm
by victor
How can I prevent a malicious user from flooding my database through submission of dummy values in forms i.e. changing of values over i.e. 1000 times?
Any ideas would be greatly appreciated.
victor
Posted: Mon Nov 22, 2004 2:26 am
by rehfeld
you could use cookies/sessions
Code:
<?php
session_start();
// $form_is_acceptable: placeholder for the result of your own validation of the submitted fields
if ($form_is_acceptable) {
    if (empty($_SESSION['submitted_form'])) {
        // add to db
        $_SESSION['submitted_form'] = true;
    } else {
        echo 'you already submitted once';
    }
}
yes, they can just clear their cookies, or disable them and go hog wild still, and a frequent spammer prob is keen to this.
to take it a step further, you could keep a list of ip addresses and their corresponding browser user agents, and what time they submitted a post.
check if their ip address AND user_agent have been used to submit a post in the last 30 min or so, if it has, deny them. i would only deny them if the ip AND user_agent were used for a single post, otherwise, you'll be denying some innocent users
you can still get around that, but it's much more difficult and will prob discourage all but the most persistent spammers.
Posted: Mon Nov 22, 2004 8:09 am
by victor
2 questions:
1. I suppose I need to have 2 additional columns in the DB table in order to capture the concatenated value of (user's_IP+user_agent) and time of POST? Or can I use $_SESSION['user's_IP+user_agent'] and make it last for 30 mins even if the client ended the session?
2. How can I access user's IP and user_agent, do you need special permission in accessing remote server's log? I'm hosting my web site with a remote hosting company.
Posted: Mon Nov 22, 2004 8:12 am
by John Cartwright
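Code:
<?php
// $_SERVER holds client-supplied headers (e.g. HTTP_USER_AGENT), so escape it before printing
echo '<pre>';
echo htmlspecialchars(print_r($_SERVER, true));
echo '</pre>';
?>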
you will find that most useful on getting the user's information
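The IP + user agent check discussed in the thread, as an added example that is not part of any poster's code: one row per client, updated atomically so two simultaneous posts cannot both pass. The table name `form_posts`, the function names, the in-memory SQLite store (its upsert needs SQLite 3.24 or later) and the sample requests are assumptions made for the illustration.

```php
<?php
// Added example: throttle form posts per (IP, user agent) pair.
// Names are hypothetical; in-memory SQLite is used so the script runs offline.

const WINDOW_SECONDS = 1800; // "the last 30 min or so" from the thread

function open_store(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE form_posts (
        client_key TEXT PRIMARY KEY,  -- sha256 of IP + user agent
        posted_at  INTEGER NOT NULL   -- unix time of the last accepted post
    )');
    return $db;
}

// Returns true and records the post if this client may submit now.
function allow_submission(PDO $db, string $ip, string $ua, int $now): bool {
    // Hash the pair: fixed-width key, and the raw user agent is never stored.
    $key = hash('sha256', $ip . "\n" . $ua);
    // One atomic statement: insert a new client, or refresh the timestamp
    // only when the previous post is older than the window. A client still
    // inside the window changes no row.
    $stmt = $db->prepare(
        'INSERT INTO form_posts (client_key, posted_at) VALUES (:k, :now)
         ON CONFLICT(client_key) DO UPDATE SET posted_at = excluded.posted_at
         WHERE form_posts.posted_at <= :cutoff'
    );
    $stmt->execute([':k' => $key, ':now' => $now,
                    ':cutoff' => $now - WINDOW_SECONDS]);
    return $stmt->rowCount() === 1;
}

// Constructed sample requests (documentation-range IP, made-up agents).
// A real handler would pass $_SERVER['REMOTE_ADDR'],
// $_SERVER['HTTP_USER_AGENT'] ?? '' and time().
$db = open_store();
$t0 = 1100000000;
$ie = 'Mozilla/4.0 (compatible; MSIE 6.0)';
var_dump(allow_submission($db, '192.0.2.10', $ie, $t0));          // first post
var_dump(allow_submission($db, '192.0.2.10', $ie, $t0 + 300));    // 5 min later
var_dump(allow_submission($db, '192.0.2.10', 'Opera/7.54', $t0 + 300)); // same IP, other browser
var_dump(allow_submission($db, '192.0.2.10', $ie, $t0 + 1801));   // window elapsed
```

Because the record lives in the database rather than in `$_SESSION`, it survives cleared cookies and ended sessions; the user agent remains client-controlled, so this only raises the cost of flooding, as noted earlier in the thread.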