  1. How do I make it so people can't use an input more than once every minute?

  2. How can I remove the ability to put any non-char/number characters into a submit thing? Alphabet will work and so will numbers but +,-,), etc, won't?

A: 

Limiting "stuff from a user" is a very imprecise science: it's very, very difficult to figure out where a request came from. You could use the remote user's IP address, but then you risk limiting legitimate requests if there are a bunch of users behind a NAT. You can do it by cookie (set a cookie with a TTL of 1 minute, then don't let them submit if that cookie is set), but it's possible (read: easy) to simply delete that cookie.

Does that help? Do you want more information about using either IP or cookie?

David Wolever
I just want to prevent spam.
Then, unless I'm misunderstanding, you'll probably be better off putting a simple CAPTCHA in: limiting the number of requests won't stop spammers... It will just keep them from spamming as quickly.
David Wolever
If you are interested in spam prevention, you may want to look into captchas. http://recaptcha.net/ is a popular and easy-to-implement captcha.
Mark
A: 

With regard to your second question, you'll need to do that using HTML and JavaScript... And there are lots of resources for that online: http://www.google.com/search?q=restrict+characters+javascript

Of course, you can't trust that the end-user hasn't disabled JavaScript, so you'll want to verify that, when your PHP gets the data back, it's still valid... Something like:

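// preg_match() needs pattern delimiters; this matches any character that is not a letter or digit
if (preg_match('/[^a-zA-Z0-9]/', $input)) {
    // error() stands in for your own error handling
    error("The input has invalid characters in it!");
}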
David Wolever
+1  A: 

You can use PHP sessions, and then check against the session value each time a form is submitted to see if it has been more than X seconds. Example:

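session_start(); // sessions must be started before $_SESSION is used

// Reject the submission if the previous accepted one was less than 60 seconds ago
if (isset($_SESSION['last_submit']) && time() - $_SESSION['last_submit'] < 60)
    die('Post limit exceeded. Please wait at least 60 seconds');

// Record the time of this accepted submission
$_SESSION['last_submit'] = time();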

You'll want to use regular expressions. Since this question is tagged beginner, understanding how they work might be out of your scope. But this function will strip out all non-letter and non-digit characters:

// preg_replace() replaces the ereg_replace() call, which was removed in PHP 7
$string = preg_replace('/[^A-Za-z0-9]/', '', $string);

This example:

$string = 'sdrw%@#-14345';
$string = preg_replace('/[^A-Za-z0-9]/', '', $string);
echo $string;

will produce "sdrw14345"

Mark
make sure you turn on the sessions by adding session_start() at the top of your script
Peer Allan
I'm not really sure where to add the first part. Second part: if it's a submission query, how do I add that part to it?
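
An added example, not code from any of the answers above: one form handler showing where the session throttle and the character check from this thread sit relative to each other. The field name `comment`, the helper names and the HTTP status codes are assumptions. As the first answer says of cookies, a session throttle only slows clients that keep their session cookie.

```php
<?php
// Added example: throttle and whitelist check in a single POST handler.
// Field name 'comment' and the helper names are assumptions.
session_start(); // must run before any output and before $_SESSION is used

const MIN_INTERVAL = 60; // seconds between accepted submissions

// True only for a non-empty string made of ASCII letters and digits.
// \A and \z anchor the whole string; '$' would also accept a trailing newline.
function is_alnum_input($value): bool
{
    return is_string($value) && preg_match('/\A[A-Za-z0-9]+\z/', $value) === 1;
}

// Seconds the client must still wait; 0 means a submission is allowed now.
function seconds_to_wait(array $session, int $now): int
{
    if (!isset($session['last_submit'])) {
        return 0; // first submission in this session
    }
    return max(0, MIN_INTERVAL - ($now - (int) $session['last_submit']));
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $wait  = seconds_to_wait($_SESSION, time());
    $input = $_POST['comment'] ?? null; // is an array if sent as comment[]

    if ($wait > 0) {
        http_response_code(429);
        exit("Post limit exceeded. Please wait $wait more seconds.");
    }
    if (!is_alnum_input($input)) {
        http_response_code(400);
        exit('The input has invalid characters in it!');
    }

    // Only accepted posts start the timer, so a rejected post costs nothing.
    $_SESSION['last_submit'] = time();
    echo 'Saved: ', $input; // safe to echo: contains only [A-Za-z0-9]
}
```

Rejecting bad input, as here, keeps the server's view of the data identical to what the user typed; stripping characters silently changes it.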