I'm creating a survey form, the results of which are e-mailed, and I've been asked to set it so that no one can fill it in twice.

Obviously this is impossible, as it's a public survey and I'm not allowed to make people log in before filling it in. However, I know there are ways to limit the number of times someone can complete the form using cookies, and any tips, or links pointing to a tutorial would be appreciated.

Edited to add: I've done a bit more research, and I need a persistent web cookie, which expires in one month. If someone had already filled in the form, it wouldn't be visible and they would get a 'you have already filled out this form' message instead.

Well, I don't know about that, so sorry if this doesn't help; but, I am thinking that you should just store the IP address in a MySQL table when the guest submits the survey. If the guests IP is already in the table, you send them the message.

Also, as far as I know, there is no such thing as an "invisible cookie."

Okay, here are two samples:

1: Cookie method (not invisible, but it works :))


<?php

if(isset($_COOKIE['survey'])){
die("You already sent in the survey");
}else{
//process form
setcookie("survey", 'set', time()+(60*60*24*30)); //cookie expires in one month
}

?>


2:MySQL method:


<?php

$ip = $_SERVER['REMOTE_ADDR'];

//connect to MySQL
$rows = MySQL_Query("SELECT * FROM sent WHERE ip=\"$ip\";");

if(MySQL_Num_rows($rows) > 0){
die("You already sent in the survey");
}else{
//process form
MySQL_Query("INSERT INTO sent VALUES (\"$ip\");");
}

//close mysql connection

?>



The difference is that the information in number 1 is store on the user's computer, number 2 is on the server. In number 1, if the user clears their cookies, they can resubmit the form. In number 2, if they have a dynamic IP (most people do), if they reset their router, they can resubmit the form.

The first one will not work because your not setting a cookie called survey, but TestCookie. Thus it will not work. :)

Heh. That is funny. In my haste to produce a sample, I pasted in the function rather than actually writing it (saved my a whole 30 seconds :D), and then I forgot to make the changes.

Thanks Nile, it's fixed now.

Also for set you used single quotes but for the cookie name you used double. Also you don't need to use 'set' just make it true.
Here's the code:


<?php
if($_COOKIE['survey']){
die("You already sent in the survey");
return false;
}else{
//process form
setcookie("survey", true, time()+(60*60*24*30)); //cookie expires in one month
return true;
}
?>

@Nile-- please don't make pointless corrections to code. My code worked fine (double and single quotes do not matter, they both create a string; it's more politically correct to use double quotes, but there is no difference), and I know I didn't need the word set, I did that to show that is has been set. Do not correct working code, especially an example.

it's more politically correct to use double quotes, but there is no difference)

Actually, it is better to use single quotes as it takes less time to parse. Just thought you should know that.

Yes, and no. In most cases, it is better to use single quotes, however for things like file names, double quotes are more politcally correct (I don't know why, because as you said it is slower). That is what I was refering to, not strings in general.