Home/ Questions/Q 3722596
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T05:57:43+00:00

I’m running a site that uses qdbs 1.10 to offer a PHP based quote

  • 0

I’m running a site that uses qdbs 1.10 to offer a PHP based quote database with votes. Voting is implemented via GET, causing bots to vote on quotes by accident. To avoid this, I’d like to convert the GET requests to POSTs.

I’m a complete newbie at PHP, and web development in general. Is it possible to perform this chance with minimal knowledge? Are there any patterns to follow, or have you got some hints on how to do it?

(I’m changing robots.txt as a temporary solution, but this does not solve the underlying issue.)

Edit: This appears to be the relevant section of code. I did not write this myself of course, and I can only follow it by guessing what might be happening – I never learned one word of PHP.

index.php

if ($_GET['do'] || $_POST['do']) {
    switch ($_GET['do']) {
        case 'rate':
             $sql = "SELECT ip FROM ".$_qdbs[tpfx]."votes WHERE id='".mysql_real_escape_string($_GET['q'])."' AND ip='$ip'"; 
             $a = $db->_sql($sql);
             $row = $db->fetch_row($a);
             if ($row['ip'] != $ip) {
                 if ($_GET['r'] == 'good') {
                     $sql = "UPDATE ".$_qdbs[tpfx]."quotes SET rating=rating+1 WHERE id='".mysql_real_escape_string($_GET['q'])."'";
                     $a = $db->_sql($sql);
                     $sql = "INSERT INTO ".$_qdbs[tpfx]."votes (id,ip) VALUES ('".mysql_real_escape_string($_GET['q'])."', '".mysql_real_escape_string($ip)."')";
                     $a = $db->_sql($sql);
                 }
                 elseif ($_GET['r'] == 'bad') {
                     $sql = "UPDATE ".$_qdbs[tpfx]."quotes SET rating=rating-1 WHERE id='".mysql_real_escape_string($_GET['q'])."'";
                     $a = $db->_sql($sql);
                     $sql = "INSERT INTO ".$_qdbs[tpfx]."votes (id,ip) VALUES ('".mysql_real_escape_string($_GET['q'])."', '".mysql_real_escape_string($ip)."')";
                     $a = $db->_sql($sql);
                 }
             }
             header("Location: ".$ref);
             break;
    }
...

quote_rate.tpl

[<a href="?do=rate&q=<?php echo $q_id;?>&r=good" title="Rate as good"><b>+</b></a>|<a href="?do=rate&q=<?php echo $q_id;?>&r=bad" title="Rate as bad"><b>-</b></a>]

Edit: The idea to replace GET with POST came this related question.

Using AJAX to vote is something I’d like to do anyway, so of course an AJAX based solution would be great, too.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I think the best solution for you (hopefully others feel the same) is to change the HTML code that links to each +- sign by an AJAX function that will do the voting, for example:

    instead of having this code:

    [<a href="?do=rate&q=<?php echo $q_id;?>&r=good" title="Rate as good"><b>+</b></a>|<a href="?do=rate&q=<?php echo $q_id;?>&r=bad" title="Rate as bad"><b>-</b></a>]

    You will have something like this:

    [<a href="javascript:rateQuote('good',<?php echo $q_id;?>)" title="Rate as good"><b>+</b></a>|<a href="javascript:rateQuote('bad',<?php echo $q_id;?>)" title="Rate as bad"><b>-</b></a>]

    The JS function should look something similar to this:

    function rateQuote(vote,id) {
if (window.XMLHttpRequest)
  {// code for IE7+, Firefox, Chrome, Opera, Safari
  xmlhttp=new XMLHttpRequest();
  }
else
  {// code for IE6, IE5
  xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
  }
xmlhttp.onreadystatechange=function()
  {
  if (xmlhttp.readyState==4 && xmlhttp.status==200)
    {
               //if you want to include a 'success' message, this is the place
    }
  }
xmlhttp.open("GET","index.php?do=rate&q="+id+"r="+vote,true);
xmlhttp.send();
}

    As far as I know, generally, crawlers don’t run javascript functions. But I am not 100% sure.

    • 0