RalphLeMouf Posted April 19, 2012 Share Posted April 19, 2012 Hello, I have a social network that allows users to make comments and replies to comments. We have had a hacker attack us a couple of times in the passed couple of weeks via using our comment system manually, so I am trying to implement a limit on the amount of comments a user can make a day. this is what I have so far. The query before the insert query that counts based off the current date and than the query that inserts the comments. I'm just trying to figure out how to tie those together and determine what kind of if statement to do, and what to include in the if to make it work //QUERY TO FIND THE COUNT $query_count = "SELECT COUNT(*) FROM `CysticAirwaves` WHERE `FromUserID` = $auth->id AND date = `CURDATE()`"; $request = mysql_query($query_count,$connection); $result = mysql_fetch_array($request); //IF SHOULD GO HERE //INSERT THE COMMENT $query = "INSERT INTO `CysticAirwaves` ( `FromUserID`, `ToUserID`, `comment`, `status`, `statusCommentAirwave`, `date`, `time` ) VALUES ( '" . $auth->id ."', '" . $prof->id ."', '" . mysql_real_escape_string($_POST['ProfileComment']) ."', 'active', 'active', '" . date("Y-m-d") . "', '" . date("G:i:s") . "')"; mysql_query($query,$connection); if($auth->id == $prof->id) { $just_inserted = mysql_insert_id(); $query = "UPDATE `CysticAirwaves` SET `status` = 'dead' WHERE `FromUserID` = '" . $auth->id . "' AND `ToUserID` = '" . $prof->id . "' AND `id` != '" . $just_inserted . "'"; $request = mysql_query($query,$connection); } Quote Link to comment Share on other sites More sharing options...
Psycho Posted April 19, 2012 Share Posted April 19, 2012 //QUERY TO FIND THE COUNT $query = "SELECT COUNT(*) FROM `CysticAirwaves` WHERE `FromUserID` = $auth->id AND date = `CURDATE()`"; $result = mysql_query($query, $connection); $post_count = mysql_result($result, 0); if($post_count >= $max_posts_per_day) { echo "You have reached the maximum number of posts for the day. Try again tomorrow"; } else { //Code to insert comment goes here } Quote Link to comment Share on other sites More sharing options...
RalphLeMouf Posted April 19, 2012 Author Share Posted April 19, 2012 Ok that makes sense. Thank you. It's not limiting. I changed this $post_count = mysql_result($result, 5); as to limit it to five per day. Am I thinking about this right? Or what do I need to do to limit it to 5 or 10? thanks again for all your help Quote Link to comment Share on other sites More sharing options...
RalphLeMouf Posted April 19, 2012 Author Share Posted April 19, 2012 hold up - I need to add value to max post per day brb Quote Link to comment Share on other sites More sharing options...
Psycho Posted April 19, 2012 Share Posted April 19, 2012 Ok that makes sense. Thank you. It's not limiting. I changed this $post_count = mysql_result($result, 5); as to limit it to five per day. Am I thinking about this right? Or what do I need to do to limit it to 5 or 10? Um, no. mysql_result() will pull a single value forom a query result set. The first parameter is the results set, the second parameter is the record index (index 0 is the first record). There is also an optional third parameter for the filed name or index. But, since you would only have one value in your result set it is not needed. By changing the 0 to a 5 you are trying to get the value from the 6th record in the result set - which would not exist. Yes, you need to define the max number of posts per day and change the 5 back to a 0. $post_count = mysql_result($result, 0); Quote Link to comment Share on other sites More sharing options...
RalphLeMouf Posted April 19, 2012 Author Share Posted April 19, 2012 I did that and still not doing the trick $query_count = "SELECT COUNT(*) FROM `CysticAirwaves` WHERE `FromUserID` = $auth->id AND date = `CURDATE()`"; $request = mysql_query($query_count,$connection); $result = mysql_fetch_array($request); $query = "SELECT COUNT(*) FROM `CysticAirwaves` WHERE `FromUserID` = $auth->id AND date = `CURDATE()`"; $result = mysql_query($query, $connection); $post_count = mysql_result($result, 0); $max_posts_per_day = 5; if($post_count >= $max_posts_per_day) { echo "You have reached the maximum number of posts for the day. Try again tomorrow"; } else { $query = "INSERT INTO `CysticAirwaves` ( `FromUserID`, `ToUserID`, `comment`, `status`, `statusCommentAirwave`, `date`, `time` ) VALUES ( '" . $auth->id ."', '" . $prof->id ."', '" . mysql_real_escape_string($_POST['ProfileComment']) ."', 'active', 'active', '" . date("Y-m-d") . "', '" . date("G:i:s") . "')"; mysql_query($query,$connection); } Quote Link to comment Share on other sites More sharing options...
Psycho Posted April 19, 2012 Share Posted April 19, 2012 I did that and still not doing the trick Ok, what IS it doing? Are you getting any errors? What debugging have you done to see what is happening any why? I was going to ask, what kind of field is "date" is it JUSt a date field or is it a datetime/timestamp field? If it is a datetime/timestamp field then the query will always return 0. I also see that you left in your old query which is being run unnecessarily. Quote Link to comment Share on other sites More sharing options...
RalphLeMouf Posted April 19, 2012 Author Share Posted April 19, 2012 Thanks again for your patience and help as I'm fairly new at this I checked in the db and I have "date" for date as opposed to the stamp. I tried to print_r($post_count); to no avail. This is what I currently have $query = "SELECT COUNT(*) FROM `CysticAirwaves` WHERE `FromUserID` = $auth->id AND date = `CURDATE()`"; $request = mysql_query($query_count,$connection); $result = mysql_fetch_array($request); $post_count = mysql_result($result, 0); $max_posts_per_day = 5; if($post_count >= $max_posts_per_day) { echo "You have reached the maximum number of posts for the day. Try again tomorrow"; } else { $query = "INSERT INTO `CysticAirwaves` ( `FromUserID`, `ToUserID`, `comment`, `status`, `statusCommentAirwave`, `date`, `time` ) VALUES ( '" . $auth->id ."', '" . $prof->id ."', '" . mysql_real_escape_string($_POST['ProfileComment']) ."', 'active', 'active', '" . date("Y-m-d") . "', '" . date("G:i:s") . "')"; mysql_query($query,$connection); } Quote Link to comment Share on other sites More sharing options...
Psycho Posted April 19, 2012 Share Posted April 19, 2012 $post_count will be a string that contains a numeric value - not an array. What does "to no avail" mean. Please provide exact results, error messages, etc. Anyway, give this a go $max_posts_per_day = 5; $query = "SELECT COUNT(*) FROM `CysticAirwaves` WHERE `FromUserID` = $auth->id AND date = `CURDATE()`"; $result = mysql_query($query, $connection); $post_count = mysql_result($result, 0) or die(mysql_error()); //Debugging lines echo "Query: {$query}<br>\n"; echo "Post count for user id {$auth->id} is {$post_count}<br>\n"; if($post_count >= $max_posts_per_day) { echo "You have reached the maximum number of posts for the day. Try again tomorrow"; } else { $comment = mysql_real_escape_string($_POST['ProfileComment']); $query = "INSERT INTO `CysticAirwaves` (`FromUserID`, `ToUserID`, `comment`, `status`, `statusCommentAirwave`, `date`, `time`) VALUES ('{$auth->id}', '{$prof->id}', '{$comment}', 'active', 'active', CURDATE(), CURTIME())"; mysql_query($query, $connection) or die(mysql_error()); } Quote Link to comment Share on other sites More sharing options...
RalphLeMouf Posted April 19, 2012 Author Share Posted April 19, 2012 it wasn't showing any errors before. It was just not limiting and carrying on normally. However what you just did it loaded the page white with this message "Unknown column 'CURDATE()' in 'where clause'" Quote Link to comment Share on other sites More sharing options...
RalphLeMouf Posted April 19, 2012 Author Share Posted April 19, 2012 I got it to work by changing "date" to " `date`" thank you very much for your help Quote Link to comment Share on other sites More sharing options...
RalphLeMouf Posted April 19, 2012 Author Share Posted April 19, 2012 actually spoke to soon. getting close, but I gotta see what's going on cause now. It worked for the existing id I was using as it went over limit, but when I tried with a fresh account it didn't re-load the page with the new comment and just loaded a white screen displaying no errors. I'll update on here once I mess with it for a while and find a solution Quote Link to comment Share on other sites More sharing options...
Psycho Posted April 20, 2012 Share Posted April 20, 2012 it wasn't showing any errors before. It was just not limiting and carrying on normally. However what you just did it loaded the page white with this message "Unknown column 'CURDATE()' in 'where clause'" I didn't notice that I simply worked off your original query. CURDATE() should not be in any quote marks. $query = "SELECT COUNT(*) FROM `CysticAirwaves` WHERE `FromUserID` = $auth->id AND `date` = CURDATE()"; actually spoke to soon. getting close, but I gotta see what's going on cause now. It worked for the existing id I was using as it went over limit, but when I tried with a fresh account it didn't re-load the page with the new comment and just loaded a white screen displaying no errors. If you are getting a white screen then this code is not being run, because the debug message I put in there should be displayed regardless. So, the error is likely in some code before this one. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.