clown[NOR] Posted May 6, 2007 Share Posted May 6, 2007 I'm making a guestbook but something is very wrong here... Adding the message to the database works perfectly, but the issue comes when it's added. The user can just hit F5 and the message get's added again.. And you can keep on doing that forever spamming the guestbook really bad.. So I wonder if anyone could tell me how to prevent that from happening. Here's the code: <?php if (isset($_REQUEST['Submit'])) { $name = $_REQUEST['name']; $email = $_REQUEST['email']; $website = $_REQUEST['website']; $message = $_REQUEST['message']; $ip = $_SERVER['REMOTE_ADDR']; $added = date("Y-m-d H:i:s"); if (empty($name)) { $name = "Anonymous"; } $name = strip_tags($name); $email = strip_tags($email); $website = strip_tags($website); $message = str_replace("\n", "<br>", strip_tags($message)); c2db(); $name = mysql_real_escape_string($name); $email = mysql_real_escape_string($email); $website = mysql_real_escape_string($website); $message = mysql_real_escape_string($message); $ip = mysql_real_escape_string($ip); $added = mysql_real_escape_string($added); $query = "INSERT INTO `guestbook` VALUES ('', '$name', '$email', '$website', '$message', '$ip', '$added')"; $result = mysql_query($query); if (!$result) { die(mysql_error()); } unset($_REQUEST['Submit']); } ?> Thanks in Advance - Clown Quote Link to comment Share on other sites More sharing options...
rallokkcaz Posted May 6, 2007 Share Posted May 6, 2007 you would probly have to set some variable that makes it so the user can only post 2 posts every minute or somthing like that im not sure how it would look in code but i might work Quote Link to comment Share on other sites More sharing options...
ToonMariner Posted May 7, 2007 Share Posted May 7, 2007 using header('location: www.xxx.com'); after the insert query will help also storing their ip address and teh timestamp will allow you to check the last time they posted (and you can deny them if the time is less than a specified period). Quote Link to comment Share on other sites More sharing options...
clown[NOR] Posted May 7, 2007 Author Share Posted May 7, 2007 i'll just try setting a cookie Quote Link to comment Share on other sites More sharing options...
clown[NOR] Posted May 7, 2007 Author Share Posted May 7, 2007 Did it the hardway.. made another file the redirecting back to the guestbook Quote Link to comment Share on other sites More sharing options...
Trium918 Posted May 7, 2007 Share Posted May 7, 2007 Try this! <?php if (isset($_REQUEST['Submit'])) {//Page was submitted if (!$_REQUEST['Submit']) { //value of content is empty header("Location: http:// "); } else { //Submit has value $name = $_REQUEST['name']; $email = $_REQUEST['email']; $website = $_REQUEST['website']; $message = $_REQUEST['message']; $ip = $_SERVER['REMOTE_ADDR']; $added = date("Y-m-d H:i:s"); if (empty($name)) { $name = "Anonymous"; } $name = strip_tags($name); $email = strip_tags($email); $website = strip_tags($website); $message = str_replace("\n", "<br>", strip_tags($message)); c2db(); $name = mysql_real_escape_string($name); $email = mysql_real_escape_string($email); $website = mysql_real_escape_string($website); $message = mysql_real_escape_string($message); $ip = mysql_real_escape_string($ip); $added = mysql_real_escape_string($added); $query = "INSERT INTO `guestbook` VALUES ('', '$name', '$email', '$website', '$message', '$ip', '$added')"; $result = mysql_query($query); if (!$result) { die(mysql_error()); } unset($_REQUEST['Submit']); } } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.