MDanz, posted March 17, 2010

<input type="text" size="35" name="search" id="search" style="text-align: center"/>

I have the above in a form. Is the below code enough to prevent stuff like spam-bombs etc.?

$search = mysql_real_escape_string($_POST['search']);

If any better suggestions please let me know.

Link to comment: https://forums.phpfreaks.com/topic/195548-htmlhack-prevention-search-bar/

trq, posted March 17, 2010

mysql_real_escape_string does NOTHING to prevent spam. It strips strings of harmful data that may cause SQL injections. You need to validate your data contains what you want.

MDanz, posted March 17, 2010

I checked phpMyAdmin, and it seemed a spambomb which generated 1000 replies causes 1000 rows. What would you recommend to prevent this? I have a time limit between each post.

PFMaBiSmAd, posted March 17, 2010

> I have a time limit between each post.

How are you storing and checking if a post is within a certain amount of time from the previous post?

Edit: and if this is a search form, how are you identifying which visitor each post comes from?

KevinM1, posted March 17, 2010

> I checked phpMyAdmin, and it seemed a spambomb which generated 1000 replies causes 1000 rows. What would you recommend to prevent this? I have a time limit between each post.

Like Thorpe said, you need to validate all incoming data. Running data through an escape (like mysql_real_escape_string) should be the last step before database insertion.

trq, posted March 17, 2010

Depending on how serious you are, I would take a look at Akismet.

MDanz, posted March 17, 2010

I just used the search as an example. The spam happens on my reply-to-post form. What steps would I use to validate the post then? When making new threads I use captcha, but for forum users you don't want to use captcha every time you post.

trq, posted March 17, 2010

You're not likely to prevent spam through a simple filter; you'll get some, but not for long. That's what mods are for. You think this site has spam protection? No, we have admins/mods/gurus & recommended users keeping the place running.

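Added example, not part of any post in this thread: one way to do what the replies above describe for a reply form, validating the body, enforcing the time limit per logged-in user against a stored timestamp, and leaving SQL escaping to the last step. It uses PDO bound parameters in place of mysql_real_escape_string; the table layout, limits, user id and the in-memory SQLite database (needs pdo_sqlite) are assumptions made for the demo.

```php
<?php
// Added example: table layout, limits and ids below are assumptions.
const MIN_SECONDS_BETWEEN_POSTS = 30;
const MAX_BODY_BYTES = 5000;

function submit_reply(PDO $db, int $userId, int $threadId, string $body, int $now): string
{
    // 1. Validate first: reject empty or oversized bodies before any query runs.
    $body = trim($body);
    if ($body === '' || strlen($body) > MAX_BODY_BYTES) {
        return 'invalid';
    }

    // 2. Flood control keyed on the authenticated user id and checked on the
    //    server against the stored time of that user's most recent reply.
    $stmt = $db->prepare('SELECT MAX(created_at) FROM replies WHERE user_id = ?');
    $stmt->execute([$userId]);
    $last = $stmt->fetchColumn();
    if ($last !== null && $last !== false && $now - (int) $last < MIN_SECONDS_BETWEEN_POSTS) {
        return 'rate_limited';
    }

    // 3. Last step before insertion: bound parameters, so the driver handles
    //    quoting and the body is never concatenated into the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO replies (user_id, thread_id, body, created_at) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$userId, $threadId, $body, $now]);
    return 'stored';
}

// Constructed demo: in-memory SQLite so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE replies (id INTEGER PRIMARY KEY, user_id INTEGER, thread_id INTEGER, body TEXT, created_at INTEGER)');

$t = 1268784000; // constructed start time
$results = ['stored' => 0, 'rate_limited' => 0, 'invalid' => 0];
for ($i = 0; $i < 1000; $i++) {
    // Constructed burst: 1000 replies from one user, ten per second.
    $r = submit_reply($db, 7, 1, "reply #$i", $t + intdiv($i, 10));
    $results[$r]++;
}
print_r($results);
echo 'rows in table: ', $db->query('SELECT COUNT(*) FROM replies')->fetchColumn(), "\n";
```

The check and the insert are separate statements, so two simultaneous requests from one user can both pass; run them inside a transaction or under a lock where that matters.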