0

I've added a search function on my website where users will be able to search the content of my page.

Code:

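    try {
        // Persistent connection to the search database
        $pdo = new PDO(
            "mysql:host=hostname;dbname=searchdb",
            "searchuser",
            "searchpw",
            array(PDO::ATTR_PERSISTENT => true)
        );
    } catch (PDOException $ex) {
        echo $ex->getMessage() . "<br>";
        exit('Connection Closed');
    }
    // Use native prepared statements instead of emulated ones
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    // $query holds the search SQL and is defined elsewhere (not shown in the post)
    $stmt = $pdo->prepare($query);
    $stmt->setFetchMode(PDO::FETCH_ASSOC);
    $stmt->execute();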

Now I wanted to know how to protect it from search overload. I believe anyone can create a simple bot program that can waste my bandwidth/CPU with too many search queries.

I mean I could track the IP address and limit it from there, but I would like to avoid that route if possible.

00101010 10101010

2 Answers

0

There are many ways. Maybe try limiting the searches per time interval for a specific IP address: create a table and store the searching IPs and the time searched, and allow as many searches as you want. Simple and efficient.

phpalix
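
The per-IP table approach from the answer above, sketched as an added example that is not part of the original answer. The table name `search_log`, the limit of 5 searches per 60 seconds, and the in-memory SQLite database used so the script runs offline are all assumptions; the same statements work against the MySQL connection from the question.

```php
<?php
// Added example (not from the original thread): sliding-window search limit per IP.
// Assumptions: table search_log, 5 searches per 60 s, SQLite in memory for the demo.
const MAX_SEARCHES = 5;
const WINDOW_SECONDS = 60;

// Returns true and records the search if $ip is still under the limit at time $now.
function allowSearch(PDO $pdo, string $ip, int $now): bool
{
    // Drop rows that have left the window so the table stays small.
    $pdo->prepare('DELETE FROM search_log WHERE searched_at <= ?')
        ->execute([$now - WINDOW_SECONDS]);

    // Count what this client has done inside the window.
    $count = $pdo->prepare('SELECT COUNT(*) FROM search_log WHERE ip = ?');
    $count->execute([$ip]);
    if ((int) $count->fetchColumn() >= MAX_SEARCHES) {
        return false; // caller should answer with HTTP 429 and skip the search query
    }

    $pdo->prepare('INSERT INTO search_log (ip, searched_at) VALUES (?, ?)')
        ->execute([$ip, $now]);
    return true;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// VARCHAR(45) is wide enough for a textual IPv6 address.
$pdo->exec('CREATE TABLE search_log (ip VARCHAR(45) NOT NULL, searched_at INTEGER NOT NULL)');
$pdo->exec('CREATE INDEX idx_ip_time ON search_log (ip, searched_at)');

// Constructed traffic: one client sends 7 searches in 7 seconds, then another client appears.
// In a real page the IP would come from $_SERVER['REMOTE_ADDR'] and the time from time().
$start = 1700000000;
for ($i = 0; $i < 7; $i++) {
    $ok = allowSearch($pdo, '203.0.113.10', $start + $i);
    echo 'search ', $i + 1, ': ', $ok ? 'allowed' : 'rejected', "\n"; // 1-5 allowed, 6-7 rejected
}
echo 'other IP: ', allowSearch($pdo, '198.51.100.7', $start + 7) ? 'allowed' : 'rejected', "\n";
echo 'after window: ', allowSearch($pdo, '203.0.113.10', $start + 61) ? 'allowed' : 'rejected', "\n";
```

The count and insert are separate statements, so concurrent requests from one client can slightly exceed the limit; clients behind a shared NAT or proxy also share one counter.
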
0

There is no such thing as "search overload".
There is a general type of attack called "denial of service", performed by a number of simultaneous requests to an arbitrary part of the application. So, you have to read up on DOS protection in general, as this kind of attack has nothing to do with MySQL or PDO.

There is also one helpful piece of advice:
Solve problems when they appear.
In other words, solve only real problems, not imaginary ones.
As long as you have no such "search overload" problem, take no countermeasures either.

Your Common Sense