php - My poll has a 'back button' loophole -

-

have had couple questions answered nicely here , i've got more trouble can with:

i have sql database holds poll question answer , user ip address. here (now working!) php code:

  // check see if user has voted   $current_user = $_server['remote_addr'];   $select_query = "select * w_poll_counter user_ip = '" . $current_user ."';";    $result = mysql_query($select_query);    if($result)   {     $row = mysql_fetch_array($result);     $user_from_db = $row['user_ip'];      if($current_user === $user_from_db)     {       //user voted - show results page       header("location: scripts/show_results.php");       exit();     }   }

the code works great, except there's 1 problem... after user votes , sees results page, can click browser's 'back' button , vote again, since code check ip address doesn't run in instance.

what need fix issue?

thanks!

check if user has voted before executing update statement.

also should take better care, script vulnerable sql injections. https://stackoverflow.com/a/60496/3595565

i can show example of implementation via pdo:

$pdo = new pdo('mysql:host=localhost;dbname=test;charset=utf8;', 'dbuser', 'dbpassword');  $stmtcheck = $pdo->prepare("select * w_poll_counter user_ip = ?"); $stmtcheck->execute(array($_server['remote_addr'])); $result = $stmtcheck->fetchall(pdo::fetch_assoc);  if(count($result) === 0){     //update }

Comments

Post a Comment

Popular posts from this blog

javascript - Slick Slider width recalculation -

-
i'm trying add slide in panel on slick container css. carousel works except new width not being calculated when space has been added. recalibrate once advance next slide i'd happen each time panel opened or closed. i've tried adding both margin , padding, neither makes difference. ideas? https://jsfiddle.net/mhigley/dpf7mlpl/ html: <button type="button" id="button"><i class="fa fa-arrow-right"></i></button> <aside> <h2>slide in panel</h2> <ol> <li>list item</li> <li>list item</li> <li>list item</li> <li>list item</li> <li>list item</li> </ol> </aside> <main role="main"> <div class="sections"> <section> <article> <h2>first slide</h2> <p>lorem ipsum d...
Read more

jsf - PrimeFaces Datatable - What is f:facet actually doing? -

-
looking through primefaces code in app noticed following line: <f:facet name="header">#{trainsearch.traincount} trains</f:facet> it looks overriding header, makes sense, can explain me in little more detail? what happening line of code? complete code listed below: <p:datatable id = "results" value = "#{trainsearch.trains}" var = "train" rendered="#{not empty trainsearch.trains}" styleclass = "train-search-table horizontal-border"> <f:facet name="header">#{trainsearch.traincount} trains</f:facet> <p:column headertext = "train id"> <p:panelgrid columns="1" styleclass = "train-id-grid" layout = "grid"> <h:outputtext styleclass = "train-id-label" value="#{train.traini}"/> <h:outputtex...
Read more

angular2 services - Angular 2 RC 4 Http post not firing -

-
i trying fire post request app , it's not working, tried multiple ways. don't see request being fired under network tab in chrome. not sure problem is, appreciated. import { injectable } '@angular/core'; import { http, headers } '@angular/http'; @injectable() export class userservice{ private _url="users"; constructor(private _http: http){ } checkifusernameexists(username){ return this._http.get(this._url+"/"+username) .map(response => response.json()) } createuser(user){ let headers = new headers(); headers.append('content-type', 'application/json') console.log(json.stringify(user)); return this._http.post(this._url, json.stringify(user),{headers: headers}) .map(response => response.json()) } } first need capture error , solve error: this._http.post(this._url, json.stringify(user),{headers: headers}) .subscribe( ...
Read more