BigRob250 - 3 months ago
MySQL Question

My poll has a 'back button' loophole

Have had a couple questions answered very nicely here and I've got some more trouble someone can probably help with:

I have a SQL database that holds a poll question answer and a user IP address. Here is my (now working!) PHP code:

// check to see if user has already voted
$current_user = $_SERVER['REMOTE_ADDR'];
$select_query = "SELECT * FROM w_poll_counter WHERE user_IP = '" . $current_user ."';";

$result = mysql_query($select_query);

$row = mysql_fetch_array($result);
$user_from_db = $row['user_IP'];

if($current_user === $user_from_db)
    // user already voted - show results page
    header("Location: scripts/show_results.php");

The code works great, except there's one problem... After a user votes and sees the results page, they can click the browser's 'back' button and then simply vote again, since the code to check their IP address doesn't run in that instance.

What do I need to do to fix this issue?



Check if the user has already voted before executing your update statement.

Also, you should take better care; your script is very vulnerable to SQL injections.

I can show you this example of an implementation via PDO:

$pdo = new PDO('mysql:host=localhost;dbname=test;charset=utf8;', 'dbUser', 'dbPassword');

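$stmtCheck = $pdo->prepare("SELECT * FROM w_poll_counter WHERE user_IP = ?");
// bind the visitor's IP to the placeholder and run the query; fetchAll() returns nothing until execute() has run
$stmtCheck->execute(array($_SERVER['REMOTE_ADDR']));
$result = $stmtCheck->fetchAll(PDO::FETCH_ASSOC);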

if(count($result) === 0){