MyBB Community Forums

website vulnerability help
I made an online form, which I planned to send to some people by email as a link to the form.

Now, can bots crawl that form? How do I prevent that form from spam?

I use the id to display output from the database. I used mysql_real_escape_string, and it also displays an error page when I use (id='9) to fetch data from the database.

How do I fix it?
To deny bots access, you can use the no-robots and no-follow meta tags on that page.
And what about id='9?
Please write the complete query you used and where the issue is showing.
As Yaldaram said, it would be nice to see the full code, as it would make it easier to debug.
(2012-06-04, 09:41 AM)Yaldaram Wrote: To deny bots access, you can use the no-robots and no-follow meta tags on that page.

I assume he means spam bots.

OP, use a system such as recaptcha. http://recaptcha.net
This is test.php:

<?php
//$Idata=mysql_real_escape_string($_GET["id"]);
$Idata=$_GET['id'];
// id is concatenated straight into the SQL text, unquoted
$temp_query="SELECT *
FROM `mytable`
WHERE `ID` =".$Idata."
LIMIT 0 , 1";

$query2 = mysql_query($temp_query) or die(mysql_error());

while($result=mysql_fetch_array($query2))
{
    // double quotes so $result[id] and $result[name] are interpolated
    echo "
hi id is $result[id] and value is $result[name]
";
}

Now when I enter test.php?id=6 it works fine; when I enter test.php?id='6 I get the error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'1 LIMIT 0 , 1' at line 3

When I use real escape string it simply converts the single quote to a slash, and again gives the error.
(2012-06-04, 04:49 PM)sunjava1 Wrote: When I use real escape string it simply converts the single quote to a slash, and again gives the error.

Which is good; you don't want any extra code being added to your query.
Not good, I didn't see the output with real escape string; it also gives me an error.

Using mysql_real_escape_string:

<?php
$Idata=mysql_real_escape_string($_GET["id"]);

// the escaped value is still concatenated without surrounding quotes
$temp_query="SELECT *
FROM `mytable`
WHERE `ID` =".$Idata."
LIMIT 0 , 1";

$query2 = mysql_query($temp_query) or die(mysql_error());

while($result=mysql_fetch_array($query2))
{
    // double quotes so $result[id] and $result[name] are interpolated
    echo "
hi id is $result[id] and value is $result[name]
";
}

This one gives me this error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\'1 LIMIT 0 , 1' at line 3
The query should be:

SELECT * FROM `mytable` WHERE `ID` ='".$Idata."' LIMIT 0 , 1
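The quoting fix above makes mysql_real_escape_string effective, but the escaping-plus-concatenation approach depends on the old mysql extension, which was removed in PHP 7. As an added example that is not code from this thread, the script below rewrites test.php with mysqli prepared statements: the id is validated as an integer, bound as a parameter so it is never parsed as SQL text, and the output is HTML-escaped. The connection credentials and the `mytable` (`ID`, `name`) layout are placeholders assumed from the thread.

```php
<?php
// Added example (not the poster's code). Assumes a MySQL database reachable with the
// placeholder credentials below and a table `mytable` with columns `ID` INT and `name` VARCHAR.
// Shows the fix discussed above done with prepared statements instead of string building.

$mysqli = new mysqli('localhost', 'db_user', 'db_password', 'db_name'); // placeholders
if ($mysqli->connect_error) {
    http_response_code(500);
    die('Connection failed: ' . $mysqli->connect_error);
}

// The ID column is numeric, so reject anything that is not an integer before touching SQL.
// FILTER_VALIDATE_INT returns false for inputs such as "'6", so those never reach the query.
$id = filter_var($_GET['id'] ?? '', FILTER_VALIDATE_INT);
if ($id === false) {
    http_response_code(400);
    die('invalid id');
}

// Prepared statement: the ? placeholder is sent to MySQL separately from the SQL text,
// so the bound value can only ever be treated as data, never as part of the query.
$stmt = $mysqli->prepare('SELECT `ID`, `name` FROM `mytable` WHERE `ID` = ? LIMIT 1');
if ($stmt === false) {
    http_response_code(500);
    die('prepare failed: ' . $mysqli->error);
}
$stmt->bind_param('i', $id);   // 'i' binds the value as an integer
$stmt->execute();
$result = $stmt->get_result(); // needs the mysqlnd driver, which standard PHP builds include

while ($row = $result->fetch_assoc()) {
    // Escape the database value on output so a stored name cannot inject markup into the page.
    echo 'hi id is ' . (int) $row['ID'] . ' and value is '
       . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . "\n";
}

$stmt->close();
$mysqli->close();
```

With this version, test.php?id=6 returns the row and test.php?id='6 is rejected with a 400 before any SQL runs; even if the integer check were dropped, the bound parameter would still leave the query structure fixed, which is the property the thread is after.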