limit form submission

[xtiancjs]

Hi all, am trying to figure out a way for a user to submit a form only once, am trying to use an alternative to a javascript disable submit. I know I am being picky but I need this change to be permanent so a session won't work. I also realise that if cookies are turned off then that would not be ideal either. I think what I need to do is store the users ip somewhere and be able to reference it if the user tries to send the form again. Could someone point me in the right direction? My form is a drop down jump menu which calls a javascript to do the submission when an option is pointed to, MY FORM:

<form method="post" name="form1" action="<?php echo $editFormAction; ?>">
<table align="center">
<tr valign="baseline">
<td nowrap align="right"><select name="broker_rating" onClick="DoSubmission1();">
<?php
do {
?>
<option value="<?php echo $row_valueset['value']?>"<?php if (!(strcmp($row_valueset['value'], $row_bprofile['broker_rating']))) {echo "selected=\"selected\"";} ?>><?php echo $row_valueset['value']?></option>
<?php
} while ($row_valueset = mysql_fetch_assoc($valueset));
$rows = mysql_num_rows($valueset);
if($rows > 0) {
mysql_data_seek($valueset, 0);
$row_valueset = mysql_fetch_assoc($valueset);
}
?>
</select></td>
<td></td>
<tr>
</table>
<input type="hidden" name="id" value="<?php echo $row_bprofile['id']; ?>">
<input type="hidden" name="broker_num_votes" value="<?php echo $row_bprofile['broker_num_votes']; ?>">
<input type="hidden" name="MM_update" value="form1">
<input type="hidden" name="id" value="<?php echo $row_bprofile['id']; ?>">

</form>

FORM ACTION CODE:

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
$updateSQL = sprintf("UPDATE brokers SET broker_rating= broker_rating + %s, broker_num_votes=%s + 1 WHERE id=%s",
GetSQLValueString($_POST['broker_rating'], "int"),
GetSQLValueString($_POST['broker_num_votes'], "int"),
GetSQLValueString($_POST['id'], "int"));

mysql_select_db($database_broker, $broker);
$Result1 = mysql_query($updateSQL, $broker) or die(mysql_error());
}

Hope this code helps,
thanks xtian

[Guest footballkid4]

There's no PERMANENT way to store settings on a user's PC (meaning that there is no way to store a setting that they can't get rid of) from a web script. You can use cookies, however many people know how to delete them. I would say the best way to go about this would be to log their IP address in a database, AND store a cookie on their computer (in case their IP changes). That should greatly lessen the amount of people who can submit to your form multiple times.

BTW: Do NOT use JavaScript to disable the submission of a form! JavaScript can be disabled/bypassed very very easily.

If you don't want the user to be able to use the form, then don't show it at all