I just want a code that can stops a user from submitting a form continuously
example if the user is a kind of an attacker . and I read that it can cause a DDOS attack too. (Correct me if I am wrong.)
Thanks it will really help me. If you give me some suggestions and advices.Thank you.
分享 You can use a captcha or a randomly-generated hidden token in order to enforce the expected flow chain, i.e. avoid direct form submissions using curl or any HTTP request forgery tool. This will also help you get protected against the CSRF exploit.
You will check the consistency of the token before executing the [supposedly heavy] logic of processing the actual form (database accesses, e-mail notifications, etc.).
However, as other users pointed out, this will NOT prevent the HTTP server from receiving and dispatching the malicious requests, and spawning a PHP process. Better than nothing though.
分享
