Hello, I'm making a script. How can I prevent double "hits" on this by using a session? Here is the function that adds the "hit" when it is processed.

```php
<?php
mysql_query('UPDATE `links` SET `hits`=hits+1 WHERE `id`='.mysql_real_escape_string($url).'');
header('Cache-Control: no-cache');
header("Location: http://" . $result['short_url'] . "");
exit;
?>
```

I've tried this, but it didn't work.

```php
// Have they already visited this url?
if(!isset($_SESSION['' . $url . ''])) {
    // Add +1 to hits
    mysql_query('UPDATE `links` SET `hits`=hits+1 WHERE `id`='.mysql_real_escape_string($url).'');
}
// Set the Session for next time.
$_SESSION['' . $url . ''] = true;
// Send results
header('Cache-Control: no-cache');
header("Location: http://" . $result['short_url'] . "");
exit;
```

What's with this:

```php
if(!isset($_SESSION['' . $url . ''])) {
```

Why the empty '' before and after? That's unnecessary. Do:

```php
if(!isset($_SESSION[$url])) {
```

Better yet, md5 that sucker so that it's always a 32-character string:

```php
if(!isset($_SESSION[md5($url)])) {
```

You'll of course also have to md5 it once you set it; you can probably figure that out yourself. Anyway, since you redirect immediately after setting the session, you may want to add this below $_SESSION .. = ..

```php
session_write_close();
```

This ensures the session has been written to disk before redirecting. And lastly, this tactic won't stop people from simply closing their browsers and opening them again. You'll have to record the user ID or IP address in a different table if you want full security.

Yes, but the hits are just for gimmick purposes. It's not used anywhere else on the site to manipulate what links get shown. There is no motive for anyone to rack up the hits on their link. (I'm making a directory kind of script.) But yikes, it's still not working. This is the full script (minus the MySQL queries). My logical thinking is saying this should work. The session is set and is being sent. But it is still adding the +1 hit, even after I have the session set. I just don't understand it!

```php
<?php
session_name('s');
session_start();
require 'config.php';

// Get Id
$url = $_GET['id'];

// Validate Input for Sql injection
// If not numbers, exit;
if(!preg_match("#^\d+$#s",$url) || empty($url)) {
    exit('Invalid');
}

// Just In case
$url = intval($url);

// mysql queries omitted

// Send Results
if(!empty($result)) {
    // Set Session
    if(!isset($_SESSION[$url])) {
        mysql_query('UPDATE `links` SET `hits`=hits+1 WHERE `id`='.mysql_real_escape_string($url).'');
        $_SESSION[$url]; // <-- Point of error
        session_write_close();
    }
    header('Cache-Control: no-cache');
    header("Location: http://" . $result['short_url'] . "");
    exit;
} else {
    header("HTTP/1.0 404 Not Found");
    exit( $url . 'Not Found');
}

// Release Mysql Results
mysql_free_result($result);
?>
```

$url is just an integer? Ah, then the md5 is not necessary (you aren't using it anyway). But this is wrong:

```php
$_SESSION[$url];
```

Should be:

```php
$_SESSION[$url] = true;
```

Edit: Okay, $_SESSION[$url] = true; is only half the problem. $_SESSION cannot take an integer in the [] part as the first character, much like $vars. You cannot make $1, but you can make $a1 or $_1 or $kdkdk1. So I made this:

```php
$url2 = "a" . $url;
$_SESSION[$url2] = true;
```

It works now.
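
The once-per-session hit counter this thread arrives at, as an added example that is not code from any poster: it uses a prefixed string session key (PHP's default session serializer skips numeric keys), assigns the flag a value, and replaces the concatenated query with a bound parameter. The function name record_hit, the hit_ prefix and the in-memory SQLite table are assumptions made so the example runs offline; the links/hits/id names follow the thread.

```php
<?php
declare(strict_types=1);

/**
 * Count a hit for a link at most once per session.
 * $session is taken by reference so the same function works with
 * $_SESSION in a web request and with a plain array in the demo below.
 * Returns true if counted, false if already counted, null if rejected.
 */
function record_hit(PDO $db, array &$session, string $rawId): ?bool
{
    // Accept only a positive decimal integer; anything else is rejected.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Prefixed string key: a bare integer key would not be saved.
    $key = 'hit_' . $id;
    if (isset($session[$key])) {
        return false;
    }
    // Bound parameter instead of building the SQL by concatenation.
    $stmt = $db->prepare('UPDATE links SET hits = hits + 1 WHERE id = :id');
    $stmt->execute([':id' => $id]);
    if ($stmt->rowCount() !== 1) {
        return null;                  // no such link, do not mark the session
    }
    $session[$key] = true;            // assign a value, not just name the key
    return true;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, hits INTEGER NOT NULL DEFAULT 0)');
$db->exec('INSERT INTO links (id) VALUES (7)');

$session = [];                                 // stands in for $_SESSION
var_dump(record_hit($db, $session, '7'));      // first visit in this session
var_dump(record_hit($db, $session, '7'));      // repeat visit, same session
var_dump(record_hit($db, $session, 'abc'));    // non-numeric id
var_dump(record_hit($db, $session, '99'));     // id not in the table
echo 'hits: ', $db->query('SELECT hits FROM links WHERE id = 7')->fetchColumn(), "\n";
```

In a real request, pass $_SESSION after session_start() and call session_write_close() before sending the Location header, as suggested earlier in the thread.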