Hello I am under heavy attack some one inserting thousands of records in my database.
Checkout my codes below I am using.
<?php
include_once 'files/config.php';
$q = trim(!empty($_GET['q'])) ? $_GET['q'] : null;
$key = $conn->real_escape_string(trim($q));
$result = mysqli_query($conn, "SELECT id,title,size,category,url FROM data WHERE MATCH (title) AGAINST ('$key') ORDER BY MATCH (title) AGAINST ('$key') DESC LIMIT 200");
?>
// some divs data goes here
<?php
mysqli_query($conn, "INSERT INTO tags (tag) VALUES('{$key}') ON DUPLICATE KEY UPDATE count = count + 1");
while($row = mysqli_fetch_array($result))
{
$title = $row['title'];
$size = $row['size'];
$title = strip_tags($title);
?>
How to avoid this attack inserting thousands of fake records into my database within a minute?