Why would you have doubts over if I know what something means?
Because it's obvious I can use a custom UserAgent. Maybe you were trying to say how to get the UserAgent that will be set on the website?
And why would you use an SQL statement to get a UserAgent string? Now I'm beginning to get doubts.
I'm not sure how you are interpreting what I wrote. Don't invent strange things, I was quoting this:

Originally Posted by
_NightWare
you only need one sql statement.
which sql statement were you referring to? Do you know what were you talking about?
You use php to get your ua. You use SQL to query a database.
Wow, seriously? How did you _mind_ I didn't know how to check the UserAgent of an user which is browsing my website? Why are you strutting about this?
I proved my point by saying it's possible.
Saying you can spoof an UserAgent is like saying it's _possible_ to use a custom UserAgent, it is superfluous and pointless. Saying you can get the right UserAgent which validates your request to the webserver has more sense.
Heartbleed? 2014 much? Irrelevent now.
Many websites still use an old version of OpenSSL, so it's still relevant.
Plus it results from improper input validation.
Who did ask it?
But why would you not put that in the "password" <- wich I assume would not be static.
Because the implementation will be muddler and conventionally wrong. You can customize your UserAgent, why shouldn't you do it?
So why re-invent the wheel?
What am I re-inventing?
Heartbleed is very irrelevent
Till this year, it is relevant. Maybe in 10 years it won't, but it is still relevant. You probably don't have any conception of this.
look into phpids (intrusion detection System) and you'll see it's all there. well, exept ofcourse the connection to the server itself, forwich you would use SSL with the strongest cert you can get. Also you do cert checking on the server side.
1. PHPIDS is not maintained since 4 years.
2. PHPIDS is vulnerable to XSS, LFI, IP spoofing, and mostly to CRLF injection attack, look at point 1.
At least, if you want to use something like PHPIDS, look at the forked versions.
Summarizing, you are suggesting glaring and bad methods to do the work, and this citation:
Everything sould be made as simple as possible, but not simpler
would lose its meaning.
Don't tell me to hide a pen you put it into a strongbox.
- - - Updated - - -
Limiting requests for a bunch of time is better and clearer as I've already said. Mostly I would consider doing an UserAgent checker if you want to make it more secure.
p.s: Obviously you should consider this:
SSL is also vulnerable to the heartbleed bug
as a jargon. I mean that who uses that old OpenSSL as implementation is vulnerable.