How to restrict user to fill application more than once in PHP

Question

I have this PHP application where a user Student can view and apply for Internships that the other user Employer can post. Screenshot of the Student Dashboard. The problem is:

If the student has already applied for an internship, he should be restricted from applying again. This is the form when Apply is clicked

This is the PHP code for the form-page:

`

$name=$_POST['name'];
$email=$_POST['email'];
$employer=$_POST['employer'];
$title=$_POST['title'];

$query="INSERT INTO student_applications(name,email,employer,job_title) VALUES('$name','$email','$employer','$title')";
$result=mysqli_query($conn,$query);
if($result)
    header("Location: student-profile.php");
else
    header("Location: register_intern.php");

?>`

Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). — Alex Howansky, May 04 '17 at 17:22
this was just a code snippet to make context for the question — Satyam Raj, May 04 '17 at 17:33
@SatyamRaj People look at SO as examples so It is best to not have insecure code on the site, and if there is insecure code it should be called out to warn any future viewers. — jfadich, May 04 '17 at 17:36
What have you tried to restrict the access? Would it be sufficient to use a cookie, or do you already use some kind of authentication? — Nico Haase, Jan 06 '21 at 08:14

score 0 · Answer 1 · answered May 04 '17 at 17:32

0

Create a unique constraint on student_applications.email. Then it becomes impossible to have more than one row per applicant:

CREATE UNIQUE INDEX email ON student_applications (email);

Then when it's time to insert a new user, don't bother checking to see if one exists, just try to insert a new row. If there's already a row with the same email, the insert will fail.

answered May 04 '17 at 17:32

Alex Howansky

50,515
8
78
98

Yeah, but it won't tell anything what has happened, right? – Satyam Raj May 04 '17 at 17:34
It's always good to have an unique index on the column - but it's a bad practise, to wait for an error instead of test it before – Philipp May 04 '17 at 17:34
@Philipp Read-before-write is only safe in a single user environment. – Alex Howansky May 04 '17 at 17:36
Didn't said, you shouldn't add the index - said, you should also check it before. Preventable errors should be prevented – Philipp May 04 '17 at 17:38

How to restrict user to fill application more than once in PHP

1 Answers1