PHP to SQL


mnewton91

Hi Everyone.

 

I've got a bit of a query, if anyone can help. I run a gaming community site, which uses Invision Power Board 3.1.2. I've been working on a "Quotes" Database, which has a PHP Front end, which adds data to a SQL Database. I have an Insert.php, which submits the data to the SQL, which works fine, however I have no idea how to secure the "inserting of quotes" so that it doesn't get spammed constantly.

 

So I was wondering whether it would be easier to add a delay in between submissions based on the IP address, or whether to lock it down with IPB (I have no idea how). So if anyone could give me a hand with this, it would be greatly appreciated.

 

Below is the code for my insert.php page. An HTML page POSTs to this.

 

<?php
$con = mysql_connect("localhost","quotesuser","xxxxxx");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

$date = date("Y/m/d -  H:i:s");
  
mysql_select_db("quotes", $con);

$qd = mysql_real_escape_string($_POST['Quote_Data']);
$qb = mysql_real_escape_string($_POST['Quoted_By']);

$sql="INSERT INTO Quotes (Quote_Data, Quoted_By , Date_Time) VALUES ('$qd','$qb','$date')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
header("Location: select.php");
echo "Quote Added to Database.";


mysql_close($con)
?>

 

Link to comment
Share on other sites

Is the user logged in or anything?

Because you could store who entered the quote and the date entered. You could then check if they have already entered a quote on that day, and if so say sorry, already made a quote today, or check for a limit of x amount of quotes allowed in a day.

Or, like you say, you could store the IP and use this to check too.

Link to comment
Share on other sites

Ah right, this is a page you've built linked from your IPB. I'm no expert on IPBs, but if you can pass the logged-on user you could then insert that into your table. If not, I don't see why IP wouldn't work as a check. However, you need an extra field in your quotes table for my suggested method to work.

 

<?php
$con = mysql_connect("localhost","quotesuser","xxxxxx");
if (!$con)  
{ 
die('Could not connect: ' . mysql_error());  
}

$date = date("Y/m/d -  H:i:s");  

mysql_select_db("quotes", $con);

$qd = mysql_real_escape_string($_POST['Quote_Data']);
$qb = mysql_real_escape_string($_POST['Quoted_By']);

$sql1 = "select * from Quotes where ip=$_SERVER['REMOTE_ADDR'] and Date_Time = $date";
$rs = mysql_query( $sql1, $con )
	or die( "Err: Query 1");

if(mysql_num_rows($rs)!=1)
{
$sql2="INSERT INTO Quotes (Quote_Data, Quoted_By , Date_Time, ip) VALUES ('$qd','$qb','$date',$_SERVER['REMOTE_ADDR'])";

$rs = mysql_query( $sql2, $con )
	or die( "Err: Query 2");

	header("Location: select.php");
echo "Quote Added to Database.";
}
else
{
echo ("Sorry you have already made 1 quote today");
} 
mysql_close($con)
?>

You can then change the query count slightly if you wanted to up the quotes allowed limit.

P.S. Code not tested as I don't have a quotes table :)

Link to comment
Share on other sites

<?php
$con = mysql_connect("localhost","quotesuser","xxxxxx");
if (!$con)  
{ 
die('Could not connect: ' . mysql_error());  
}

$date = date("Y/m/d -  H:i:s");  
$ip = $_SERVER['REMOTE_ADDR'];
mysql_select_db("quotes", $con);

$qd = mysql_real_escape_string($_POST['Quote_Data']);
$qb = mysql_real_escape_string($_POST['Quoted_By']);

$sql1 = "select * from Quotes where ip='$ip' and Date_Time = '$date'";
$rs = mysql_query( $sql1, $con )
	or die( "Err: Query 1");

if(mysql_num_rows($rs)!=1)
{
$sql2="INSERT INTO Quotes (Quote_Data, Quoted_By , Date_Time, ip) VALUES ('$qd','$qb','$date','$ip')";

$rs = mysql_query( $sql2, $con )
	or die( "Err: Query 2");

	header("Location: select.php");
echo "Quote Added to Database.";
}
else
{
echo ("Sorry you have already made 1 quote today");
} 
mysql_close($con)
?>

Link to comment
Share on other sites

Okay, so I added a field called "IP_Address" to the SQL and it's submitting the IP address properly, BUT it's not checking and returning an error, 'cause I can post more than one quote using this code.

 

<?php
$con = mysql_connect("localhost","quotes","xxxxxxx");
if (!$con)  
{ 
die('Could not connect: ' . mysql_error());  
}

$date = date("Y/m/d -  H:i:s");  
mysql_select_db("quotes", $con);

$ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
$qd = mysql_real_escape_string($_POST['Quote_Data']);
$qb = mysql_real_escape_string($_POST['Quoted_By']);

$sql1 = "select * from Quotes where IP_Address = '$ip' and Date_Time = '$date'";
$rs = mysql_query( $sql1, $con )
	or die( "Err: Query 1");

if(mysql_num_rows($rs)!=1)
{
$sql2="INSERT INTO Quotes (Quote_Data, Quoted_By , Date_Time, IP_Address) VALUES ('$qd','$qb','$date','$ip')";

$rs = mysql_query( $sql2, $con )
	or die( "Err: Query 2");

	header("Location: select.php");
echo "Quote Added to Database.";
}
else
{
echo ("Sorry you have already made 1 quote today");
} 
mysql_close($con)
?>

 

Link to comment
Share on other sites
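
Why the check in the last post never fires, as an added example that is not part of the thread: `Date_Time = '$date'` compares against the current second, so no earlier row ever matches. The code below counts rows from the same IP inside a 24-hour window using prepared statements; it assumes PDO with an in-memory SQLite database so it runs offline, an ISO-style timestamp format, and hypothetical names (`MAX_QUOTES_PER_DAY`, `make_db`, `add_quote`).

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// posts above; PDO/SQLite, the constant and the function names are assumptions.
const MAX_QUOTES_PER_DAY = 1; // hypothetical limit

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Quotes (Quote_Data TEXT, Quoted_By TEXT,
               Date_Time TEXT, IP_Address TEXT)');
    return $db;
}

// Returns true if the quote was stored, false if the IP is over its limit.
function add_quote(PDO $db, string $ip, string $qd, string $qb, int $now): bool {
    $fmt = 'Y-m-d H:i:s';                  // fixed width: string order == time order
    $cutoff = gmdate($fmt, $now - 86400);  // start of the 24-hour window (UTC)

    // The thread's check used Date_Time = '$date' (this exact second).
    // Count this IP's rows inside the window instead.
    $check = $db->prepare('SELECT COUNT(*) FROM Quotes
                           WHERE IP_Address = :ip AND Date_Time >= :cutoff');
    $check->execute([':ip' => $ip, ':cutoff' => $cutoff]);
    if ((int)$check->fetchColumn() >= MAX_QUOTES_PER_DAY) {
        return false;
    }

    // Placeholders keep user input out of the SQL text entirely.
    $ins = $db->prepare('INSERT INTO Quotes (Quote_Data, Quoted_By, Date_Time, IP_Address)
                         VALUES (:qd, :qb, :dt, :ip)');
    $ins->execute([':qd' => $qd, ':qb' => $qb,
                   ':dt' => gmdate($fmt, $now), ':ip' => $ip]);
    return true;
}

// Constructed sample submissions: ip, quote, quoted by, seconds after start.
$db = make_db();
$t0 = 1700000000;
$samples = [
    ['203.0.113.5', 'first quote',  'alice', 0],
    ['203.0.113.5', 'second quote', 'alice', 60],     // same IP, one minute later
    ['203.0.113.9', 'other user',   'bob',   90],     // different IP
    ['203.0.113.5', 'next day',     'alice', 86401],  // window has passed
];
foreach ($samples as [$ip, $qd, $qb, $dt]) {
    $ok = add_quote($db, $ip, $qd, $qb, $t0 + $dt);
    echo str_pad($ip, 13), str_pad($qd, 14), $ok ? "stored\n" : "rejected\n";
}
```

Users behind the same NAT or proxy share one `REMOTE_ADDR`, so a per-IP limit also throttles them as a group.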
