Help! Someone hacked my sql shoutbox database!


deweydesigns
04-10-2006, 02:47 PM
need to keep the database private somehow.. there's too many IPs to block.

see shoutbox: http://deweydesigns.com/radio_shout.html

so far there's about 56 pages filled with rows/cells of BS casino spam.. plz help


edit:

i also need to know how to quickly delete the million posts that were spammed into my database. something like: DEL id=26 through id=12675. in php

chazzy
04-10-2006, 03:25 PM
DELETE from your_table WHERE id between 26 and 12675;

deweydesigns
04-10-2006, 06:03 PM
thx so much...took 0.0563 sec... haha

NogDog
04-11-2006, 12:30 AM
While it's possible someone hacked directly into your database (anything is possible), it's probably a lot more likely they just created a script that emulated your shoutbox form and simply sent a whole series of HTTP requests with form post data. You *might* be able to stop that sort of thing by verifying that the HTTP_REFERER is in fact your page (though the referer can be spoofed, so it's not a guarantee).

deweydesigns
04-11-2006, 01:50 AM
plz.. consider me a noob.. i wouldn't know at all how to do that.. plz b very specific and elaborate on exactly how i may implement any methods you may suggest

NogDog
04-11-2006, 03:41 AM
At the point in your shoutbox.php file where the form inputs are processed, you would wrap it in an if clause, something like:

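if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'deweydesigns.com') !== FALSE)
{
    // isset() first: the Referer header is not sent with every request
    // rest of form-processing code here
}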
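
Added example, not part of NogDog's post: a stricter version of the same Referer check that compares the header's host exactly instead of searching for a substring, run over constructed sample headers. The helper name `referer_is_own_site` and the `www.` host are assumptions, and as the post says, the header can still be forged, so this only filters the simplest scripted posts.

```php
<?php
// Added example: exact-host Referer check (hypothetical helper, not from the thread).

/**
 * Return true only when the Referer's host is one of our own hosts.
 * A missing, empty or unparsable header counts as "not ours".
 */
function referer_is_own_site(?string $referer, array $allowedHosts): bool
{
    if ($referer === null || $referer === '') {
        return false;
    }
    $host = parse_url($referer, PHP_URL_HOST); // string, null or false
    if (!is_string($host)) {
        return false;
    }
    return in_array(strtolower($host), $allowedHosts, true);
}

// Assumption: the site answers on both the bare and the www. host name.
$allowedHosts = ['deweydesigns.com', 'www.deweydesigns.com'];

// Constructed sample headers, for illustration only.
$samples = [
    'http://deweydesigns.com/radio_shout.html',
    'http://www.deweydesigns.com/radio_shout.html',
    'http://spam.example/page?x=deweydesigns.com', // name appears in the query string
    'http://deweydesigns.com.spam.example/',       // name appears as a sub-domain label
    '',                                            // header not sent
];

foreach ($samples as $referer) {
    // The substring test from the post, for comparison.
    $substring = strpos($referer, 'deweydesigns.com') !== false;
    $exact     = referer_is_own_site($referer, $allowedHosts);
    printf(
        "%-46s substring=%-5s exact-host=%s\n",
        $referer === '' ? '(no Referer)' : $referer,
        var_export($substring, true),
        var_export($exact, true)
    );
}

// In shoutbox.php the form processing would be wrapped like this:
// if (referer_is_own_site($_SERVER['HTTP_REFERER'] ?? null, $allowedHosts)) {
//     // rest of form-processing code here
// }
```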