mnewton91 Posted January 20, 2011

Hi Everyone. I've got a bit of a query, if anyone can help. I run a gaming community site, which uses Invision Power Board 3.1.2. I've been working on a "Quotes" Database, which has a PHP front end, which adds data to a SQL Database. I have an Insert.php, which submits the data to the SQL, which works fine, however I have no idea how to secure the "inserting of quotes" so that it doesn't get spammed constantly. So I was wondering whether it would be easier to add a delay in between submissions based on the IP Address, or whether to lock it down with IPB (I have no idea how). So if anyone could give me a hand with this, it would be greatly appreciated. Below is the code to my insert.php page. An HTML page $_POST's to this.

    <?php
    $con = mysql_connect("localhost","quotesuser","xxxxxx");
    if (!$con) {
        die('Could not connect: ' . mysql_error());
    }
    $date = date("Y/m/d - H:i:s");
    mysql_select_db("quotes", $con);
    $qd = mysql_real_escape_string($_POST['Quote_Data']);
    $qb = mysql_real_escape_string($_POST['Quoted_By']);
    $sql="INSERT INTO Quotes (Quote_Data, Quoted_By , Date_Time) VALUES ('$qd','$qb','$date')";
    if (!mysql_query($sql,$con)) {
        die('Error: ' . mysql_error());
    }
    header("Location: select.php");
    echo "Quote Added to Database.";
    mysql_close($con)
    ?>

New Coder Posted January 20, 2011

Is the user logged in or anything? Because you could store who entered the quote and the date entered. You could then check if they have already entered a quote on that day, and if so say sorry, already made a quote today. Or check for a limit of x amount of quotes allowed on a day. Or, like you say, you could store the IP and use this to check too.

mnewton91 Posted January 20, 2011

I would like the user to be logged into IPB before they can submit a quote.

New Coder Posted January 20, 2011

Ah right, this is a page you've built linked from your IPB. I'm no expert on IPB's but if you can pass the logged on user you could then insert that into your table. If not I don't see why IP wouldn't work as a check. However, you need an extra field in your quotes table for my suggested method to work.

    <?php
    $con = mysql_connect("localhost","quotesuser","xxxxxx");
    if (!$con) {
        die('Could not connect: ' . mysql_error());
    }
    $date = date("Y/m/d - H:i:s");
    mysql_select_db("quotes", $con);
    $qd = mysql_real_escape_string($_POST['Quote_Data']);
    $qb = mysql_real_escape_string($_POST['Quoted_By']);
    $sql1 = "select * from Quotes where ip=$_SERVER['REMOTE_ADDR'] and Date_Time = $date";
    $rs = mysql_query( $sql1, $con ) or die( "Err: Query 1");
    if(mysql_num_rows($rs)!=1) {
        $sql2="INSERT INTO Quotes (Quote_Data, Quoted_By , Date_Time, ip) VALUES ('$qd','$qb','$date',$_SERVER['REMOTE_ADDR'])";
        $rs = mysql_query( $sql2, $con ) or die( "Err: Query 2");
        header("Location: select.php");
        echo "Quote Added to Database.";
    } else {
        echo ("Sorry you have already made 1 quote today");
    }
    mysql_close($con)
    ?>

You can then change the query count slightly if you wanted to up the quotes allowed limit.

P.S. Code not tested as I don't have a quotes table.

mnewton91 Posted January 20, 2011

Just tested your code, and I get this error:

    Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/ffgaming/public_html/quotes/insert2.php on line 15

New Coder Posted January 20, 2011

    <?php
    $con = mysql_connect("localhost","quotesuser","xxxxxx");
    if (!$con) {
        die('Could not connect: ' . mysql_error());
    }
    $date = date("Y/m/d - H:i:s");
    $ip = $_SERVER['REMOTE_ADDR'];
    mysql_select_db("quotes", $con);
    $qd = mysql_real_escape_string($_POST['Quote_Data']);
    $qb = mysql_real_escape_string($_POST['Quoted_By']);
    $sql1 = "select * from Quotes where ip='$ip' and Date_Time = '$date'";
    $rs = mysql_query( $sql1, $con ) or die( "Err: Query 1");
    if(mysql_num_rows($rs)!=1) {
        $sql2="INSERT INTO Quotes (Quote_Data, Quoted_By , Date_Time, ip) VALUES ('$qd','$qb','$date','$ip')";
        $rs = mysql_query( $sql2, $con ) or die( "Err: Query 2");
        header("Location: select.php");
        echo "Quote Added to Database.";
    } else {
        echo ("Sorry you have already made 1 quote today");
    }
    mysql_close($con)
    ?>

mnewton91 Posted January 20, 2011

Okay, so I added a field called "IP_Address" to the SQL and it's submitting the IP address properly, BUT it's not checking and returning an error, because I can post more than one quote using this code.

    <?php
    $con = mysql_connect("localhost","quotes","xxxxxxx");
    if (!$con) {
        die('Could not connect: ' . mysql_error());
    }
    $date = date("Y/m/d - H:i:s");
    mysql_select_db("quotes", $con);
    $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
    $qd = mysql_real_escape_string($_POST['Quote_Data']);
    $qb = mysql_real_escape_string($_POST['Quoted_By']);
    $sql1 = "select * from Quotes where IP_Address = '$ip' and Date_Time = '$date'";
    $rs = mysql_query( $sql1, $con ) or die( "Err: Query 1");
    if(mysql_num_rows($rs)!=1) {
        $sql2="INSERT INTO Quotes (Quote_Data, Quoted_By , Date_Time, IP_Address) VALUES ('$qd','$qb','$date','$ip')";
        $rs = mysql_query( $sql2, $con ) or die( "Err: Query 2");
        header("Location: select.php");
        echo "Quote Added to Database.";
    } else {
        echo ("Sorry you have already made 1 quote today");
    }
    mysql_close($con)
    ?>
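
The check in the code above compares Date_Time with the current second, so it only matches a row written in that same second. An added example (not code from any poster in this thread) of a per-IP limit that counts rows inside a time window and uses prepared statements; it assumes PHP 7.1+ with PDO and runs against an in-memory SQLite database so it works offline, and allowQuote() and the sample requests are constructed for illustration.

```php
<?php
// Added example. Table and column names follow the thread; the in-memory
// SQLite database, allowQuote() and the sample calls are constructed here.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Quotes (Quote_Data TEXT, Quoted_By TEXT,
                                Date_Time TEXT, IP_Address TEXT)');

/**
 * Insert the quote unless $ip already has $limit rows inside the last
 * $window seconds. Returns true when inserted, false when rate-limited.
 */
function allowQuote(PDO $db, string $ip, string $quote, string $by,
                    int $now, int $limit = 1, int $window = 86400): bool
{
    // "Y-m-d H:i:s" strings sort chronologically, so >= is a range test.
    $cutoff = date('Y-m-d H:i:s', $now - $window);

    $recent = $db->prepare('SELECT COUNT(*) FROM Quotes
                            WHERE IP_Address = ? AND Date_Time >= ?');
    $recent->execute([$ip, $cutoff]);
    if ((int) $recent->fetchColumn() >= $limit) {
        return false;
    }

    // Bound parameters replace the string-built INSERT and its escaping.
    $insert = $db->prepare('INSERT INTO Quotes
        (Quote_Data, Quoted_By, Date_Time, IP_Address) VALUES (?, ?, ?, ?)');
    $insert->execute([$quote, $by, date('Y-m-d H:i:s', $now), $ip]);
    return true;
}

// Constructed requests; addresses are from the documentation ranges.
$t0 = strtotime('2011-01-20 12:00:00');
$requests = [
    ['203.0.113.7',  'first quote',  $t0],          // first post from this IP
    ['203.0.113.7',  'second quote', $t0 + 60],     // same IP, a minute later
    ['198.51.100.9', 'other quote',  $t0 + 60],     // different IP
    ['203.0.113.7',  'next day',     $t0 + 86401],  // same IP, window elapsed
];
foreach ($requests as [$ip, $quote, $when]) {
    $ok = allowQuote($db, $ip, $quote, 'someone', $when);
    printf("%-13s %-13s %s\n", $ip, $quote, $ok ? 'inserted' : 'rate-limited');
}
```

Two requests arriving at the same moment can both pass the count before either inserts, so this limits ordinary repeat posting rather than guaranteeing the cap.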

New Coder Posted January 20, 2011

I'll build a quotes table and do some tests for you too and get back with what I come up with.

rockstarrem Posted January 20, 2011

You're probably going to want to use IPB's session and see how long it's been since the last time they used a quote. This would probably be the easiest and most effective way. IPs are alright but people can just use a proxy and stuff.

mnewton91 Posted January 20, 2011

Any ideas on how I would do this?

rockstarrem Posted January 20, 2011

Not really, but I found this topic at another forum... if this is against the rules I'm sorry, just delete it etc: http://www.codingforums.com/showthread.php?t=57548 -- that should give you the basic idea, if it even works.

mnewton91 Posted January 21, 2011

Any luck, New Coder?