The possibility of it being exploited is why you would not use something like status2 = status + 1. It would be better to hardcode the status updates to something like status = 5. That way it would not matter how many times they triggered the script they would still have the same or worse status depending on how the script is written. One could also use qglobals as a check to prevent it from being exploited.
I tried more than a few times to put the sql execution inside of event_whatever and it never worked. I probably just did something wrong but I never figured out what.
|