SitePoint Sponsor |
|
User Tag List
Results 1 to 24 of 24
Thread: how to store ip address
-
May 20, 2006, 09:45 #1
- Join Date
- Dec 2005
- Posts
- 1,738
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
how to store ip address
hi all
ive created a form which sends reviews to my database, i want to be able to store the persons ip address in a separate field on the database.
this is stop abusive material being added and so i can just check the ip and ban them from the site.
how is this achived? can anybody help?
or have you got some other technics?
many thanks!!
-
May 20, 2006, 10:11 #2
- Join Date
- Jul 2005
- Location
- Orlando
- Posts
- 634
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Their IP address is $_SERVER['REMOTE_ADDR']. Store it in the database.
-
May 20, 2006, 10:13 #3
- Join Date
- Dec 2005
- Posts
- 1,738
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
how would i store it? what part of my script?
thanks
-
May 20, 2006, 10:19 #4
- Join Date
- Dec 2005
- Posts
- 1,738
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
say i creat a field ip_address
how will i use $_SERVER['REMOTE_ADDR'] to pass the ip to ip_adress?
here is sum of my script:
<?php
//query, get the values from our form
$venue = ($_POST['venue']);
$comment = ($_POST['comment']);
$review_date = ($_POST['review_date']);
// now we insert it into the database
$insert = "INSERT INTO venues (venue, comment, review_date)
VALUES ('".$_POST['venue']."', '".($_POST['comment'])."',NOW())";
$add_member = mysql_query($insert) or die(mysql_error());
?>
-
May 20, 2006, 10:19 #5
- Join Date
- Sep 2003
- Location
- Chicago
- Posts
- 190
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
just create a field with varchar(15) that would be enough
-
May 20, 2006, 10:21 #6
- Join Date
- Dec 2005
- Posts
- 1,738
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
thanks but how would i fit it in to my script above?
thanks! still learning.
-
May 20, 2006, 10:42 #7
- Join Date
- Feb 2004
- Location
- MN
- Posts
- 408
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
PHP Code:$venue = ($_POST['venue']);
$comment = ($_POST['comment']);
$review_date = ($_POST['review_date']);
$ip = $_SERVER['REMOTE_ADDR'];
$insert = "INSERT INTO venues (venue, comment, review_date, ip)
VALUES ('".$_POST['venue']."', '".($_POST['comment'])."',NOW(),$ip)";
$add_member = mysql_query($insert) or die(mysql_error());
-
May 20, 2006, 10:47 #8
- Join Date
- Dec 2005
- Posts
- 1,738
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
thanks
but now it says:
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '.37.63)' at line 2
whats wrong here?
cheers
-
May 20, 2006, 10:53 #9
- Join Date
- Sep 2003
- Location
- Chicago
- Posts
- 190
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Let's say you have database table like this:
id, venue, comment, ip_address, review_date
here is the script that will insert the new data in the table
PHP Code:<?php
//query, get the values from our form
$venue = $_POST['venue'];
$comment = $_POST['comment'];
$review_date = $_POST['review_date'];
$ip_address = $_SERVER['REMOTE_ADDR'] ;
// now we insert it into the database
$insert = "INSERT INTO venues (venue, comment, ip_address, review_date)
VALUES ('$venue', '$comment', '$ip_address', '$review_date')";
$add_member = mysql_query($insert) or die(mysql_error());
?>
I hope that'll help you
-
May 20, 2006, 10:54 #10
Have you actually got a 'ip' field in your database?
If you don't then that's probably why it isn't working.Get your heelys now at flywalk.co.uk - But what are heelys?
Heelys are simply shoes with wheels in the heels!
Flywalk.co.uk - The UK Heelys Retailer
-
May 20, 2006, 10:57 #11
- Join Date
- Dec 2005
- Posts
- 1,738
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
ok before i try this
y have u taken the POST away and the ( )
again thanks, still learning, trying to get my head around things
-
May 20, 2006, 10:58 #12
- Join Date
- Dec 2005
- Posts
- 1,738
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
yes i have an ip field already set up
-
May 20, 2006, 11:06 #13
- Join Date
- Dec 2005
- Posts
- 1,738
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
got it working!! THANKS!
just need to no, what is the diffrence between these to:
VALUES ('$venue', '$comment', '$review_date')";
VALUES ('".$_POST['venue']."', '".($_POST['comment'])."',NOW())";
these both work but what is the diffrence, with the $_POST
-
May 20, 2006, 11:15 #14
- Join Date
- Feb 2004
- Location
- MN
- Posts
- 408
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
The $_POST means that you are getting information that is posted from a form. But you already declared the variables $venue, $comment, and $review date to get the information from the form, so adding the $_POST again when inserting the data is redundant.
Now I have a question: GetHostByName($REMOTE_ADDR) vs. $_SERVER['REMOTE_ADDR']. Which is more secure?
-
May 20, 2006, 11:17 #15
- Join Date
- Feb 2004
- Location
- Staffordshire, UK & Florida, USA
- Posts
- 314
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
It is also worth noting that the IP address provided in $_SERVER['REMOTE_ADDR'] may be that of a proxy server, rather than the client's IP address. If the client is using a proxy then $_SERVER['REMOTE_ADDR'] will be the proxy IP and the actual client IP will be in $_SERVER['HTTP_X_FORWARDED_FOR']. If the client is using multiple proxies then $_SERVER['HTTP_X_FORWARDED_FOR'] will be a list of IP addresses, with the client IP at the end of the list.
-
May 20, 2006, 11:19 #16
- Join Date
- Dec 2005
- Posts
- 1,738
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
lol!! i havnt got a clue, am new to all this, sorry.
but i have a nother question, if u dont mind, lol!
what do the () means these both work so what is the diffrence?
$venue = ($_POST['venue']);
$venue = $_POST['venue'];
thansk agian got everything workin
-
May 20, 2006, 11:32 #17
- Join Date
- Feb 2004
- Location
- MN
- Posts
- 408
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Just like in a mathematical equation, anything in the () are executed first. The () also are used for calling functions and for if/for/while/etc statments.
-
May 20, 2006, 11:35 #18
- Join Date
- Dec 2005
- Posts
- 1,738
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
so what r the benefits then using ()?
and i just com accross the little piece, if it helps:
if the user is sitting behind a proxy server, you can do this;
<?
if ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"] != ""){
$IP = $HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"];
$proxy = $HTTP_SERVER_VARS["REMOTE_ADDR"];
$host = @gethostbyaddr($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]);
}else{
$IP = $HTTP_SERVER_VARS["REMOTE_ADDR"];
$host = @gethostbyaddr($HTTP_SERVER_VARS["REMOTE_ADDR"]);
}
?>
if that makes any sense to you
-
May 20, 2006, 11:42 #19
- Join Date
- Feb 2004
- Location
- MN
- Posts
- 408
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
The benefits of ()? Well, usually it simply is a necessity. The benefits of () is that they will make your code work.
Another (more concise) version of that code you posted:
PHP Code:$ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
-
May 20, 2006, 11:48 #20
- Join Date
- Dec 2005
- Posts
- 1,738
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
impresive! thanks again for all the info,
just 1 last thing, how do u get your scripts to show up in the colors and that box when posting
-
May 20, 2006, 11:52 #21
- Join Date
- Mar 2006
- Posts
- 6,132
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
a caution about HTTP_X_FORWARDED_FOR
any of the variables in the $_SERVER array that begin with HTTP_* are derived from the request headers the client browser sends. this means they can fake them quite easily.
if you want to see this in action, make 2 scripts.
server_vars.php.php
PHP Code:<?php
print_r($_SERVER);
?>
PHP Code:<?php
echo "<pre>\n";
$host = 'localhost';
//$host = 'www.example.org';
$fp = fsockopen($host, 80, $errno, $errstr, 30);
if (!$fp) {
echo "$errstr ($errno)\n";
} else {
$out = "GET /server_vars.php HTTP/1.1\r\n";
$out .= "Host: $host\r\n";
// add some headers that php will put into the _SERVER array for us
$out .= "X-FORWARDED-FOR: fake x_forwarded_for\r\n";
$out .= "FORWARDED-FOR: fake forwarded for\r\n";
$out .= "foo: im am foo\r\n";
$out .= "Connection: Close\r\n\r\n";
fwrite($fp, $out);
while (!feof($fp)) {
echo fgets($fp, 128);
}
fclose($fp);
}
?>
and run request.php and it will show you the output of server_vars.php
-
May 20, 2006, 12:01 #22
- Join Date
- Dec 2005
- Posts
- 1,738
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
thanks but this is going to deep for me..
thanks again every 1 for the input!
-
May 20, 2006, 12:02 #23
- Join Date
- Mar 2006
- Posts
- 6,132
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
basically im saying, i wouldnt recomend using X_FORWARDED_FOR because it is easily faked.
-
May 20, 2006, 12:07 #24
- Join Date
- Dec 2005
- Posts
- 1,738
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
so what is the most safe?
i just want a bit of code i can use again and agin and get a genuine ip.
what i have now is working, but djones mentioned the proxy server problems as above.
iam using $_SERVER['REMOTE_ADDR'] whats the olturnative?
this is what ive got in my script
$ip_address = $_SERVER['REMOTE_ADDR'] ;
Bookmarks