So, we create a website and create our basic information for sending logins to our database. We have problems trying to deny requests that simply include their own data.
eg.
http://testing.site.com/php/interfaces/User.php?Action=1&Email=test@gmail.com&FirstName=herp%20derp
Replacing email and name, they can add multiple users to the database, and possibly with the help of a script thousands. Is there a way to prevent this without using captcha? We try to be very minimal and open with the design of the site, so I would like some input, if possible.
One of the options that we considered is to move our PHP offline and only that allows our API to access it, however it still presents a problem with users adding to authorized data (and overloading our database with thousands multiple queries).
source
share