Monday, 3 February 2020

PHP Check Value, if value is True Submit Form [duplicate]

I am getting hit by spam bots. We implemented a test, and it has helped a lot. However, a few are getting around it by using #f in the answer input field; it doesn't work for me but works for them. I would like to add a PHP check before it sends the content into the database (using MySQL). Is the code I have below correct?

I added this into my code and it is inserting into the MySQL database; I am just not sure if it will stop it from submitting the content into the database if the "squest" field does not equal 10.

    if ($_POST['squest'] != 10) {
        $problem = True;
        Print '<p class="error">Your did not input the correct security answer</p>';
    }

    if (!$problem);

I include the additional code with my prepared statement as well here.

    try {
        $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
        // set the PDO error mode to exception
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        if ($_POST['squest'] != 10) {
            $problem = True;
            Print '<p class="error">Your did not input the correct security answer</p>';
        }

        if (!$problem);

        // prepare sql and bind parameters
        $stmt = $conn->prepare("INSERT INTO contactus (name, email, commtype, comment, squest,
            answered, confirm)
            VALUES (:name, :email, :commtype, :comment, :squest, :answered, :confirm)");
        $stmt->bindParam(':name', $name);
        $stmt->bindParam(':email', $email);
        $stmt->bindParam(':commtype', $commtype);
        $stmt->bindParam(':comment', $comment);
        $stmt->bindParam(':squest', $squest);
        $stmt->bindParam(':answered', $answered);
        $stmt->bindParam(':confirm', $confirm);

        // insert a row
        $name = $_POST['name'];
        $email = $_POST['email'];
        $commtype = $_POST['commtype'];
        $comment = $_POST['comment'];
        $squest = $_POST['squest'];
        $answered = $_POST['answered'];
        $confirm = $_POST['confirm'];
        $stmt->execute();

Thank you!
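
An added example, not the poster's code: in the snippet above, `if (!$problem);` ends in a semicolon, so it is an empty statement and the INSERT runs whatever the answer was. The sketch below returns before any SQL is touched and compares the answer strictly. `handle_contact()` is a hypothetical helper, and the in-memory SQLite connection is an assumption that stands in for the MySQL one so the demo runs offline.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. handle_contact() is a hypothetical helper.
function handle_contact(PDO $conn, array $post): bool
{
    $fields = ['name', 'email', 'commtype', 'comment', 'squest', 'answered', 'confirm'];

    // Every field must be present and a string (rejects arrays such as squest[]=10).
    foreach ($fields as $f) {
        if (!isset($post[$f]) || !is_string($post[$f])) {
            return false;
        }
    }

    // Only the exact string "10" passes; the loose != 10 also accepts "1e1" and " 10".
    if ($post['squest'] !== '10') {
        return false; // leave before any statement is prepared or executed
    }

    $stmt = $conn->prepare(
        'INSERT INTO contactus (name, email, commtype, comment, squest, answered, confirm)
         VALUES (:name, :email, :commtype, :comment, :squest, :answered, :confirm)'
    );
    foreach ($fields as $f) {
        $stmt->bindValue(':' . $f, $post[$f]);
    }
    return $stmt->execute();
}

// Constructed demo: in-memory SQLite stands in for the MySQL connection.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE contactus (name TEXT, email TEXT, commtype TEXT,
             comment TEXT, squest TEXT, answered TEXT, confirm TEXT)');

// Constructed sample form data.
$base = ['name' => 'A', 'email' => 'a@example.com', 'commtype' => 'q',
         'comment' => 'hi', 'answered' => 'n', 'confirm' => 'y'];

foreach (['10', '#f', '1e1', ' 10'] as $answer) {
    $ok = handle_contact($conn, $base + ['squest' => $answer]);
    printf("%-6s => %s\n", var_export($answer, true), $ok ? 'inserted' : 'rejected');
}
echo 'rows: ', $conn->query('SELECT COUNT(*) FROM contactus')->fetchColumn(), "\n";
```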
