Welcome to WebmasterWorld.

There are many ways to protect forms from flood submission.

1) Add a CAPTCHA. A Google search for "simple PHP CAPTCHA" should give you some examples and tutorials.

2) Use a simple logic question. An example of such a question would be "What is 1 + 3" and the user must enter 4. You'd probably have a database of many such questions and display one at random on each form.

3) Have an input field that is hidden using CSS. Most genuine visitors will not see the field and so it will be empty when the form is submitted. Bots will see the field and fill it with junk. So if the field is filled in you can ignore the submission.

I'm sure there are more ways to protect from flood submissions but those examples should give you somewhere to start.

thanks for reply ! IP flood protect + captcha my idea . IP flood protect is my like . can help me ?

Set a cookie when your form is submitted with the current timestamp. Example:
setcookie('flood', time(), time()+60*60*24*30);

Check the cookie against your limit when the form is processed again:

$limit = 3; //3 mins
if (isset($_COOKIE['flood'])) {
$currentTime = time();
$seconds = intval($currentTime-$_COOKIE['flood']);
if ($limit > number_format($seconds/60,0)) {
echo 'Flood control enabled..';
exit;
}
}

Reset the cookie if the form is processed again:

setcookie('flood','');

And then set it again if the form is successfully processed. Hope that helps.

dc

But if it's a bot, the bot will not honor the cookie. Because it is much more difficult to conceal an IP address, you can log the IP address (to a database table or a file) and not accept a resubmit from it for a specified time period.

i Dont care ! how to add IP to database ? please tell me with example script or code . each user only one register with IP in any time ( 20 min - 30 min - .... - 1 day Or never ) . thanks