0

I have a site where people add their sites in my database , i already have done like any user can add only one entry of same site e.g if user1 adds: http://site1.com then no other user can add http://site1.com they are shown this site is already in DB , now some people do this thing they make sub domains, http://subdomain.site1.com , then they can add UL number of subdomains of the main domain which is already in the Database. Now My question is how to prevent this being done? using PHP

My Try:

 ....
      $check = mysql_query("SELECT * FROM domain WHERE url LIKE '%$suburl%'");
  if($check=="$url"){
 echo"You cannot add a subdomain";

 }
 ?>
Rojer Tenison
  • 49
  • 1
  • 1
  • 6
  • 2
    Please stop writing new code with the ancient MySQL extension: it is no longer maintained and the community has begun the [deprecation process](http://news.php.net/php.internals/53799). Instead you should use either the improved [MySQLi](http://php.net/mysqli) extension or the [PDO](http://php.net/pdo) abstraction layer. Also don't put variables (especially those which come from your user) into your SQL, as it makes you vulnerable to SQL injection. You should instead use prepared statements, with which your variables can be passed to MySQL as parameters that do not get evaluated for SQL. – eggyal May 28 '12 at 17:59
  • 1
    The return value of the `mysql_query` function is a resource identifier; comparing this against `$url` (why quote it?) is probably not what you had intended. Perhaps you wanted [`mysql_num_rows`](http://php.net/manual/en/function.mysql-num-rows.php) instead? – eggyal May 28 '12 at 18:00
  • @eggyal thanks for letting me know about using MYSQLI :) – Rojer Tenison May 28 '12 at 19:08

1 Answers1

2

Given the new entry is http://subdomain.site1.com, get the site1.com part using the function below (I got it here) and put the result inside the LIKE '%%'

// Get the domain name from URL
function get_domain($url)
{
  $host = parse_url($url, PHP_URL_HOST);
  if (preg_match('/(?P<domain>[a-z0-9][a-z0-9\-]{1,63}\.[a-z\.]{2,6})$/i', $host, $regs)) {
    return $regs['domain'];
  }
  return false;
}

$host = get_domain("http://subdomain.site1.com");  // site1.com
$qry = mysql_query("SELECT * FROM domain WHERE url LIKE '%$host%' LIMIT 1");

if (mysql_num_rows($qry)) {
  // Site already exist
}
Community
  • 1
  • 1
flowfree
  • 16,356
  • 12
  • 52
  • 76
  • Thanks :) , it works only if the request is from single form , there is also a text area form from which users can add multi number of URL's its not working there .. any ideas? – Rojer Tenison May 28 '12 at 20:07