How to prevent overflooding of database through form sub.

Posted: Sun Nov 21, 2004 10:57 pm
by victor
How can I prevent a malicious user from flooding my database through submission of dummy values in forms i.e. changing of values over i.e. 1000 times?

Any ideas would be greatly appreciated.

victor

Posted: Mon Nov 22, 2004 2:26 am
by rehfeld
you could use cookies/sessions

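Code:

<?php
session_start();

// Placeholder check: replace with your own validation of the submitted fields
$form_is_acceptable = !empty($_POST);

if ($form_is_acceptable) {
    if (empty($_SESSION['submitted_form'])) {
        // add to db
        $_SESSION['submitted_form'] = true; // remember that this session has posted
    } else {
        echo 'you already submitted once';
    }
}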

yes, they can just clear their cookies, or disable them and go hog wild still, and a frequent spammer is probably keen to this.

to take it a step further, you could keep a list of IP addresses and their corresponding browser user agents, and what time they submitted a post.
check if their IP address AND user_agent have been used to submit a post in the last 30 min or so; if they have, deny them. i would only deny them if the IP AND user_agent were used for a single post, otherwise you'll be denying some innocent users :)

you can still get around that, but it's much more difficult and will probably discourage all but the most persistent spammers.

Posted: Mon Nov 22, 2004 8:09 am
by victor
2 questions:

1. I suppose I need to have 2 additional columns in the DB table in order to capture the concatenated value of (user's_IP+user_agent) and the time of POST? Or can I use $_SESSION['user's_IP+user_agent'] and make it last for 30 mins even if the client ended the session?

2. How can I access user's IP and user_agent, do you need special permission in accessing remote server's log? I'm hosting my web site with a remote hosting company.

Posted: Mon Nov 22, 2004 8:12 am
by John Cartwright

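Code:

<?php

// Dump every value PHP knows about the current request.
// Headers such as the user agent are client-supplied, so escape before output.
echo '<pre>';
echo htmlspecialchars(print_r($_SERVER, true));
echo '</pre>';

?>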

you will find that most useful for getting the user's information
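
Added example, not part of any post in this thread: one way to implement the IP-plus-user-agent check rehfeld describes, storing the two values victor asks about and reading the client details from `$_SERVER` as in the dump above. The table `form_submissions` and the functions `open_store` and `allow_submission` are hypothetical names, and an in-memory SQLite database through PDO is assumed so that the code runs on its own.

```php
<?php
// Added example: table and function names are hypothetical.

function open_store(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // The two stored values: a key derived from IP + user agent,
    // and the time of the last accepted POST.
    $db->exec('CREATE TABLE form_submissions (
                   client_key TEXT PRIMARY KEY,
                   last_post  INTEGER NOT NULL)');
    return $db;
}

function allow_submission(PDO $db, string $ip, string $ua, int $now, int $window = 1800): bool {
    // The user agent is client-supplied and of arbitrary length,
    // so store a fixed-length hash instead of the raw string.
    $key = hash('sha256', $ip . "\n" . $ua);

    // Purge expired rows so the throttle table cannot grow without bound.
    $db->prepare('DELETE FROM form_submissions WHERE last_post <= ?')
       ->execute([$now - $window]);

    // Prepared statements keep request data out of the SQL text.
    $q = $db->prepare('SELECT 1 FROM form_submissions WHERE client_key = ?');
    $q->execute([$key]);
    if ($q->fetchColumn() !== false) {
        return false; // same IP AND user agent already posted inside the window
    }
    $db->prepare('INSERT INTO form_submissions (client_key, last_post) VALUES (?, ?)')
       ->execute([$key, $now]);
    return true;
}

// Constructed sample requests (documentation IP range, made-up user agents).
$db = open_store();
$t0 = 1101100000;
var_dump(allow_submission($db, '192.0.2.10', 'ExampleBrowser/1.0', $t0));        // first post
var_dump(allow_submission($db, '192.0.2.10', 'ExampleBrowser/1.0', $t0 + 60));   // same client, 1 min later
var_dump(allow_submission($db, '192.0.2.10', 'OtherBrowser/2.0', $t0 + 60));     // same IP, different agent
var_dump(allow_submission($db, '192.0.2.10', 'ExampleBrowser/1.0', $t0 + 1801)); // window has passed

// In a real form handler the values come from the request:
// allow_submission($db, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT'] ?? '', time());
```

`REMOTE_ADDR` is the address of the connecting peer, so behind a reverse proxy or load balancer it is the proxy's address and every visitor would share one key.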