如何实现同一IP提交表单的次数限制?-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

如何实现同一IP提交表单的次数限制?

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 06, 2016 pm 08:07 PM

php

如何实现同一IP提交表单的次数限制?
比如说:我开发了一个投票程序，要求同一IP在两个小时内只能投一次票（即成功提交一次）。该如何写代码?
（初学者，问题可能有些白痴，请耐心回答，谢谢）

回复内容：

关注微信公众号：phpgod（PHP技术大全），每日精彩分享不间断。
第一步，创建表，DDL如下：
CREATE TABLE ip_limit (
id int(11) NOT NULL AUTO_INCREMENT COMMENT '自增id',
ip char(16) NOT NULL DEFAULT '0' COMMENT 'ip地址',
form_id int(11) NOT NULL DEFAULT '0' COMMENT '表单id',
last_submit_time int(11) NOT NULL DEFAULT '0' COMMENT '上次提交表单时间',
success_submit_times int(11) NOT NULL DEFAULT '0' COMMENT '成功提交次数',
PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
第二步，需求逻辑，描述如下：
当用户进行第一次提交时，插入一条记录到ip_limit表，并记住ip,form_id,last_submit_time，success_submit_times等字段信息，当用户进行更多次提交时，先查询对应ip对于指定form_id的last_submit_time，如果current_time - last_submit_time>2*3600,就更新last_submit_time，success_submit_times字段信息，否则提示相关限制信息。

保存到redis，设置生存周期为2小时
键为ip，值为访问次数。
每次投票检查次数，超过返回错误，未超过限制就允许投票，并把次数加一

缓存到文件
session
redis等内存数据库
MySQL等SQL数据库

都可以实现

各有优劣，速度，效率，看如何取舍。当然也要看服务的精确性。

如果用client的javascript来限制提交次数的话也不可靠，如果有人直接改javascript的话就可以绕过这个限制。
可以从服务端的request里面可以拿到客户端的ip地址，然后你就知道怎么做了，不过这种方法对于某些客户使用代理上网的话就有问题了。

使用缓存去检测

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

How does PHP identify a user's session?May 01, 2025 am 12:23 AM

PHPidentifiesauser'ssessionusingsessioncookiesandsessionIDs.1)Whensession_start()iscalled,PHPgeneratesauniquesessionIDstoredinacookienamedPHPSESSIDontheuser'sbrowser.2)ThisIDallowsPHPtoretrievesessiondatafromtheserver.

What are some best practices for securing PHP sessions?May 01, 2025 am 12:22 AM

The security of PHP sessions can be achieved through the following measures: 1. Use session_regenerate_id() to regenerate the session ID when the user logs in or is an important operation. 2. Encrypt the transmission session ID through the HTTPS protocol. 3. Use session_save_path() to specify the secure directory to store session data and set permissions correctly.

Where are PHP session files stored by default?May 01, 2025 am 12:15 AM

PHPsessionfilesarestoredinthedirectoryspecifiedbysession.save_path,typically/tmponUnix-likesystemsorC:\Windows\TemponWindows.Tocustomizethis:1)Usesession_save_path()tosetacustomdirectory,ensuringit'swritable;2)Verifythecustomdirectoryexistsandiswrita

How do you retrieve data from a PHP session?May 01, 2025 am 12:11 AM

ToretrievedatafromaPHPsession,startthesessionwithsession_start()andaccessvariablesinthe$_SESSIONarray.Forexample:1)Startthesession:session_start().2)Retrievedata:$username=$_SESSION['username'];echo"Welcome,".$username;.Sessionsareserver-si

How can you use sessions to implement a shopping cart?May 01, 2025 am 12:10 AM

The steps to build an efficient shopping cart system using sessions include: 1) Understand the definition and function of the session. The session is a server-side storage mechanism used to maintain user status across requests; 2) Implement basic session management, such as adding products to the shopping cart; 3) Expand to advanced usage, supporting product quantity management and deletion; 4) Optimize performance and security, by persisting session data and using secure session identifiers.

How do you create and use an interface in PHP?Apr 30, 2025 pm 03:40 PM

The article explains how to create, implement, and use interfaces in PHP, focusing on their benefits for code organization and maintainability.

What is the difference between crypt() and password_hash()?Apr 30, 2025 pm 03:39 PM

The article discusses the differences between crypt() and password_hash() in PHP for password hashing, focusing on their implementation, security, and suitability for modern web applications.

How can you prevent Cross-Site Scripting (XSS) in PHP?Apr 30, 2025 pm 03:38 PM

Article discusses preventing Cross-Site Scripting (XSS) in PHP through input validation, output encoding, and using tools like OWASP ESAPI and HTML Purifier.

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

What's New in Windows 11 KB5054979 & How to Fix Update Issues

3 weeks agoByDDD

How to fix KB5055523 fails to install in Windows 11?

3 weeks agoByDDD

InZoi: How To Apply To School And University

4 weeks agoByDDD

How to fix KB5055518 fails to install in Windows 10?

3 weeks agoByDDD

Where to find the Site Office Key in Atomfall

4 weeks agoByDDD

Hot Tools

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software