Home/ Questions/Q 8047995
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T06:17:19+00:00

Help! I’m writing some code to update a mySQL database using similar to the

  • 0

Help! I’m writing some code to update a mySQL database using similar to the code below:-

$.post('http://myURL.com/vote.php?personID=' + personID + '&eventID=123');

The vote.php code takes the querystring values and inserts a record into a database with those values in it.

This kind of code is working fine, but I’ve realised the problem is that people could just type something like:

http://myURL.com/vote.php?personID=5&eventID=123

into their address bar and essentially spam the app…

Is there a straightforward way I can ensure this doesn’t happen? I’m reasonably new to these technologies so not aware of how everything works or fits together, but I’m learning fast so any pointers would be super useful.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It is not a good idea to use GET parameters for data that goes to a database. Generally, you want to use POST parameters which are not visible in the URL. So instead of :

    $.post('http://myURL.com/vote.php?personID=' + personID + '&eventID=123');

    You would do it like this :

    $.post('http://myURL.com/vote.php', { "personID" : personID, "eventID" : 123 });

    And in your PHP script, you would access your data with the $_POST array like this :

    $personID = $_POST['personID'];
$eventID = $_POST['eventID'];

    However, don’t forget to properly filter input before saving to the database to prevent bad things like SQL Injection.

    This is not a silver bullet : spam will still be possible because any HTTP client will be able to send a post request to your site. Another thing you can look at is Security Tokens to make it even less vulnerable to spam. Or implement a system that limits the number of request/minute/user… but I’m getting too far from the original question.

    • 0