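PHP and SQL - blocking an IP address after it makes 3 or more entries in the database in a short period of time

Time: 2018-06-23 00:30:53

Tags: php sql

Please excuse the state of my code, I'm still very new to this. I'm trying to write a PHP script that prevents an IP address from making more than three entries in the database within a set period of time (ideally 1 hour, but I don't know how to set that).

My code is below. All help is much appreciated. I'm currently getting the following error... "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''travisor_review' WHERE travisor_review.ip_address = '31.205.34.25'' at line 2"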

if (isset($_POST["leave"])) {

    $ip_address = $_SERVER['REMOTE_ADDR'];

    $queryTime = "SELECT * 
                    FROM 'travisor_review' 
                    WHERE travisor_review.ip_address = '$ip_address' 
                    ORDER BY date DESC
                    LIMIT 3";
    $resultTime = mysqli_query($conn, $queryTime) or die(mysqli_error($conn));

        if (mysqli_num_rows($resultTime) > 3) {

            while ($row = mysqli_fetch_assoc($resultTime)) {
                $totalTime = $totalTime + (date("Y-m-d H:i:s") - $date);
            }

            echo $totalTime;

            if ($totalTime < 1000000) {
                exit("It seems you have been making too many reviews in a short period of time. Try again later.");
            }
        }

    $lreview = mysqli_real_escape_string($conn, $_POST['lreview']);
    $srating = mysqli_real_escape_string($conn, $_POST['srating']);


    $query2 = "INSERT INTO travisor_review (tradesperson, rating, review, date, ip_address)
        VALUES('$id', '$srating', '$lreview', NOW(), '$ip_address')";

    $result2 = mysqli_query($conn, $query2) or die(mysqli_error($conn));
}

1 answer:

Answer 0: (score: 0)

I got the answer. There was a small error in my SQL and an undeclared variable in the PHP. Code below...

if (isset($_POST["leave"])) {

    $ip_address = $_SERVER['REMOTE_ADDR'];

    $queryTime = "SELECT * 
                    FROM travisor_review 
                    WHERE travisor_review.ip_address = '$ip_address' 
                    ORDER BY date DESC
                    LIMIT 3";
    $resultTime = mysqli_query($conn, $queryTime) or die(mysqli_error($conn));

        if (mysqli_num_rows($resultTime) > 2) {

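            $totalTime = 0;

            while ($row = mysqli_fetch_assoc($resultTime)) {
                // Age of this entry in seconds. Subtracting the date strings directly
                // does not give seconds, and $row only exists inside the loop.
                // Assumes PHP and the database server use the same time zone.
                $totalTime = $totalTime + (time() - strtotime($row["date"]));
            }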

            echo $totalTime;

            if ($totalTime < 3600) {
                exit("It seems you have been making too many reviews in a short period of time. Try again later.");
            }
        }

    $lreview = mysqli_real_escape_string($conn, $_POST['lreview']);
    $srating = mysqli_real_escape_string($conn, $_POST['srating']);


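    // $id is set elsewhere in the script (not shown). It is placed into the SQL
    // unescaped here, so it has to be validated or escaped like the other values.
    $query2 = "INSERT INTO travisor_review (tradesperson, rating, review, date, ip_address)
        VALUES('$id', '$srating', '$lreview', NOW(), '$ip_address')";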

    $result2 = mysqli_query($conn, $query2) or die(mysqli_error($conn));
}
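
The limit the question asks for (at most three entries per IP address per hour), as an added example that is not the poster's code: it counts the rows inside the time window with bound parameters instead of summing date differences. PDO with an in-memory SQLite table stands in for the MariaDB table (this assumes the pdo_sqlite extension); `makeDb`, `submitReview`, the constants and the sample IP address and timestamps are constructed for the demo.

```php
<?php
declare(strict_types=1);

const MAX_REVIEWS = 3;        // limit from the question
const WINDOW_SECONDS = 3600;  // one hour

// Stand-in for the MariaDB table, same columns as the INSERT on this page.
function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE travisor_review (tradesperson INTEGER, rating INTEGER,
               review TEXT, date TEXT, ip_address TEXT)');
    return $db;
}

// Returns true if the review was stored, false if the IP is over the limit.
// $now is a Unix timestamp, passed in so the window logic can be exercised.
function submitReview(PDO $db, string $ip, int $tradesperson, int $rating,
                      string $review, int $now): bool {
    $fmt = 'Y-m-d H:i:s';  // sorts chronologically as a string
    // Count this IP's entries newer than the cutoff; values are bound, not interpolated.
    $count = $db->prepare(
        'SELECT COUNT(*) FROM travisor_review WHERE ip_address = ? AND date > ?');
    $count->execute([$ip, gmdate($fmt, $now - WINDOW_SECONDS)]);
    if ((int) $count->fetchColumn() >= MAX_REVIEWS) {
        return false;
    }
    $ins = $db->prepare(
        'INSERT INTO travisor_review (tradesperson, rating, review, date, ip_address)
         VALUES (?, ?, ?, ?, ?)');
    $ins->execute([$tradesperson, $rating, $review, gmdate($fmt, $now), $ip]);
    return true;
}

// Constructed demo: five submissions from one address at fixed offsets.
$db = makeDb();
$t0 = 1700000000;
foreach ([0, 600, 1200, 1800, 3601] as $offset) {
    $ok = submitReview($db, '203.0.113.7', 1, 5, "it's great", $t0 + $offset);
    printf("t+%4ds: %s\n", $offset, $ok ? 'stored' : 'blocked');
}
```

Computing the cutoff in PHP and binding it keeps the two statements valid on both SQLite and MariaDB; writing both timestamps with `gmdate` also avoids a time zone mismatch between PHP and the database server.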