Databases
StackOverflow2013
Postsdbo
PO
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    primarykey
    data
    text
    <p>Since you know whatever bot (probably a crawler) is including additional parameters in the call, you can probably assume it is not a directed attack on your server, though it could be fishing for weaknesses in your mysql escaping (or similar attacks).</p> <p>A few things I'd focus on:</p> <p>1) POST the page content (instead of GET) to avoid random web links if your domain was previously owned by someone else.</p> <p>2) If the $_POST contains anything other than the fields you expect, ignore that entire post (browser will not send additional fields unless you specified them yourself or someone added them to the page with a greasemonkey script (or similar)). You can check this with something like: </p> <pre><code>$allowedParams = array('name', 'email', 'subject', 'etc'); foreach($_POST as $param=&gt;$val) { if(!in_array($param, $allowedParams)) { die(); } } </code></pre> <p>3) Check the referer and/or useragent for common bots and either deny the data or handle it differently. Not bulletproof, but handy.</p> <p>4) If this script is being called via Ajax, look into <a href="http://www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/" rel="nofollow">Cross Origin Resource Sharing</a></p> <p>5) <a href="http://www.onlineaspect.com/2010/07/02/why-you-should-never-use-a-captcha/" rel="nofollow">Don't use a captcha</a> unless you really really really have to (you probably don't). If you do decide on a captcha, use something simple like a "Are you human? (type yes)" with a textbox for "yes". Not one of those crazy, read this mess captchas.</p>
    singulars
    1. This table or related slice is empty.
    1. POIs the way a bot submits a form different than someone using a browser?
      singulars
      1. PTQuestion
    1. PTAnswer
    1. This table or related slice is empty.
    1. USBob Davies
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    1. COThanks for the response Bob. I don't think I can be sure that the bot/crawler is including additional parameters because when I get the emails they are blank except for 3 fields which have default values. The form contains 6 fields with default values, so I was confused that only 3 kept coming in the emails when there is no way I could reproduce that with a browser and I would have thought that a bot would be all or nothing not 1/2 the fields. I'll look into the your other suggestions for 1 & 2. For #3, is there a list you know of which contains useragents of common bots I can reference?
      singulars
      1. PO
      1. USQuestion Asker
    2. COBoth blacklisting and whitelisting useragents (though it's safe to assume all browsers will have a useragent, some bots will not) have their own problems, I'd just catch the useragent of every form submission then look for commonalities in the ones sending the junk data, then block that commonality.
      singulars
      1. PO
      1. USBob Davies
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload