| SitePoint Sponsor |
hi all
ive created a form which sends reviews to my database, i want to be able to store the persons ip address in a separate field on the database.
this is stop abusive material being added and so i can just check the ip and ban them from the site.
how is this achived? can anybody help?
or have you got some other technics?
many thanks!!
Their IP address is $_SERVER['REMOTE_ADDR']. Store it in the database.
how would i store it? what part of my script?
thanks
say i creat a field ip_address
how will i use $_SERVER['REMOTE_ADDR'] to pass the ip to ip_adress?
here is sum of my script:
<?php
//query, get the values from our form
$venue = ($_POST['venue']);
$comment = ($_POST['comment']);
$review_date = ($_POST['review_date']);
// now we insert it into the database
$insert = "INSERT INTO venues (venue, comment, review_date)
VALUES ('".$_POST['venue']."', '".($_POST['comment'])."',NOW())";
$add_member = mysql_query($insert) or die(mysql_error());
?>
just create a field with varchar(15) that would be enough
thanks but how would i fit it in to my script above?
thanks! still learning.
The above has not been tested, but should work, assuming you have a field in your table called "ip". I would recommend validating/sanitizing your data before inserting it into your database if you aren'tPHP Code:$venue = ($_POST['venue']);
$comment = ($_POST['comment']);
$review_date = ($_POST['review_date']);
$ip = $_SERVER['REMOTE_ADDR'];
$insert = "INSERT INTO venues (venue, comment, review_date, ip)
VALUES ('".$_POST['venue']."', '".($_POST['comment'])."',NOW(),$ip)";
$add_member = mysql_query($insert) or die(mysql_error());
thanks
but now it says:
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '.37.63)' at line 2
whats wrong here?
cheers
Let's say you have database table like this:
id, venue, comment, ip_address, review_date
here is the script that will insert the new data in the table
$_SERVER is global variable and you might wanna read some more about it in the php manual herePHP Code:<?php
//query, get the values from our form
$venue = $_POST['venue'];
$comment = $_POST['comment'];
$review_date = $_POST['review_date'];
$ip_address = $_SERVER['REMOTE_ADDR'] ;
// now we insert it into the database
$insert = "INSERT INTO venues (venue, comment, ip_address, review_date)
VALUES ('$venue', '$comment', '$ip_address', '$review_date')";
$add_member = mysql_query($insert) or die(mysql_error());
?>
I hope that'll help you
Have you actually got a 'ip' field in your database?
If you don't then that's probably why it isn't working.
Get your heelys now at flywalk.co.uk - But what are heelys?
Heelys are simply shoes with wheels in the heels!
Flywalk.co.uk - The UK Heelys Retailer
ok before i try this
y have u taken the POST away and the ( )
again thanks, still learning, trying to get my head around things
yes i have an ip field already set up
got it working!! THANKS!
just need to no, what is the diffrence between these to:
VALUES ('$venue', '$comment', '$review_date')";
VALUES ('".$_POST['venue']."', '".($_POST['comment'])."',NOW())";
these both work but what is the diffrence, with the $_POST
The $_POST means that you are getting information that is posted from a form. But you already declared the variables $venue, $comment, and $review date to get the information from the form, so adding the $_POST again when inserting the data is redundant.
Now I have a question: GetHostByName($REMOTE_ADDR) vs. $_SERVER['REMOTE_ADDR']. Which is more secure?
It is also worth noting that the IP address provided in $_SERVER['REMOTE_ADDR'] may be that of a proxy server, rather than the client's IP address. If the client is using a proxy then $_SERVER['REMOTE_ADDR'] will be the proxy IP and the actual client IP will be in $_SERVER['HTTP_X_FORWARDED_FOR']. If the client is using multiple proxies then $_SERVER['HTTP_X_FORWARDED_FOR'] will be a list of IP addresses, with the client IP at the end of the list.
lol!! i havnt got a clue, am new to all this, sorry.
but i have a nother question, if u dont mind, lol!
what do the () means these both work so what is the diffrence?
$venue = ($_POST['venue']);
$venue = $_POST['venue'];
thansk agian got everything workin
Just like in a mathematical equation, anything in the () are executed first. The () also are used for calling functions and for if/for/while/etc statments.
so what r the benefits then using ()?
and i just com accross the little piece, if it helps:
if the user is sitting behind a proxy server, you can do this;
<?
if ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"] != ""){
$IP = $HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"];
$proxy = $HTTP_SERVER_VARS["REMOTE_ADDR"];
$host = @gethostbyaddr($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]);
}else{
$IP = $HTTP_SERVER_VARS["REMOTE_ADDR"];
$host = @gethostbyaddr($HTTP_SERVER_VARS["REMOTE_ADDR"]);
}
?>
if that makes any sense to you
The benefits of ()? Well, usually it simply is a necessity. The benefits of () is that they will make your code work.
Another (more concise) version of that code you posted:
PHP Code:$ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
impresive! thanks again for all the info,
just 1 last thing, how do u get your scripts to show up in the colors and that box when posting
a caution about HTTP_X_FORWARDED_FOR
any of the variables in the $_SERVER array that begin with HTTP_* are derived from the request headers the client browser sends. this means they can fake them quite easily.
if you want to see this in action, make 2 scripts.
server_vars.php.php
request.phpPHP Code:<?php
print_r($_SERVER);
?>
PHP Code:<?php
echo "<pre>\n";
$host = 'localhost';
//$host = 'www.example.org';
$fp = fsockopen($host, 80, $errno, $errstr, 30);
if (!$fp) {
echo "$errstr ($errno)\n";
} else {
$out = "GET /server_vars.php HTTP/1.1\r\n";
$out .= "Host: $host\r\n";
// add some headers that php will put into the _SERVER array for us
$out .= "X-FORWARDED-FOR: fake x_forwarded_for\r\n";
$out .= "FORWARDED-FOR: fake forwarded for\r\n";
$out .= "foo: im am foo\r\n";
$out .= "Connection: Close\r\n\r\n";
fwrite($fp, $out);
while (!feof($fp)) {
echo fgets($fp, 128);
}
fclose($fp);
}
?>
and run request.php and it will show you the output of server_vars.php
thanks but this is going to deep for me..
thanks again every 1 for the input!
basically im saying, i wouldnt recomend using X_FORWARDED_FOR because it is easily faked.
so what is the most safe?
i just want a bit of code i can use again and agin and get a genuine ip.
what i have now is working, but djones mentioned the proxy server problems as above.
iam using $_SERVER['REMOTE_ADDR'] whats the olturnative?
this is what ive got in my script
$ip_address = $_SERVER['REMOTE_ADDR'] ;
Posting Permissions
Bookmarks