how to store ip address

**computerbarry** · May 20, 2006, 09:45

hi all

ive created a form which sends reviews to my database, i want to be able to store the persons ip address in a separate field on the database.

this is stop abusive material being added and so i can just check the ip and ban them from the site.

how is this achived? can anybody help?

or have you got some other technics?

many thanks!!

**UFTimmy** · May 20, 2006, 10:11

Their IP address is $_SERVER['REMOTE_ADDR']. Store it in the database.

**computerbarry** · May 20, 2006, 10:13

how would i store it? what part of my script?

thanks

**computerbarry** · May 20, 2006, 10:19

say i creat a field ip_address

how will i use $_SERVER['REMOTE_ADDR'] to pass the ip to ip_adress?

here is sum of my script:

<?php

//query, get the values from our form
$venue = ($_POST['venue']);
$comment = ($_POST['comment']);
$review_date = ($_POST['review_date']);

// now we insert it into the database
$insert = "INSERT INTO venues (venue, comment, review_date)
VALUES ('".$_POST['venue']."', '".($_POST['comment'])."',NOW())";
$add_member = mysql_query($insert) or die(mysql_error());

?>

**kobra** · May 20, 2006, 10:19

just create a field with varchar(15) that would be enough

**computerbarry** · May 20, 2006, 10:21

thanks but how would i fit it in to my script above?

thanks! still learning.

**sp0om** · May 20, 2006, 10:42

PHP Code:


$venue = ($_POST['venue']);

$comment = ($_POST['comment']);

$review_date = ($_POST['review_date']);

$ip = $_SERVER['REMOTE_ADDR'];



$insert = "INSERT INTO venues (venue, comment, review_date, ip)

VALUES ('".$_POST['venue']."', '".($_POST['comment'])."',NOW(),$ip)";

$add_member = mysql_query($insert) or die(mysql_error());

The above has not been tested, but should work, assuming you have a field in your table called "ip". I would recommend validating/sanitizing your data before inserting it into your database if you aren't

**computerbarry** · May 20, 2006, 10:47

thanks

but now it says:

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '.37.63)' at line 2

whats wrong here?

cheers

**kobra** · May 20, 2006, 10:53

Let's say you have database table like this:

id, venue, comment, ip_address, review_date

here is the script that will insert the new data in the table

PHP Code:


<?php



//query, get the values from our form

$venue = $_POST['venue'];

$comment = $_POST['comment'];

$review_date = $_POST['review_date'];

$ip_address = $_SERVER['REMOTE_ADDR'] ;





// now we insert it into the database

$insert = "INSERT INTO venues (venue, comment, ip_address, review_date)

VALUES ('$venue', '$comment', '$ip_address', '$review_date')";



$add_member = mysql_query($insert) or die(mysql_error());



?>

$_SERVER is global variable and you might wanna read some more about it in the php manual here

I hope that'll help you

**themightystephen** · May 20, 2006, 10:54

Have you actually got a 'ip' field in your database?

If you don't then that's probably why it isn't working.

**computerbarry** · May 20, 2006, 10:57

ok before i try this

y have u taken the POST away and the ( )

again thanks, still learning, trying to get my head around things

**computerbarry** · May 20, 2006, 10:58

yes i have an ip field already set up

**computerbarry** · May 20, 2006, 11:06

got it working!! THANKS!

just need to no, what is the diffrence between these to:

VALUES ('$venue', '$comment', '$review_date')";

VALUES ('".$_POST['venue']."', '".($_POST['comment'])."',NOW())";

these both work but what is the diffrence, with the $_POST

**sp0om** · May 20, 2006, 11:15

The $_POST means that you are getting information that is posted from a form. But you already declared the variables $venue, $comment, and $review date to get the information from the form, so adding the $_POST again when inserting the data is redundant.

Now I have a question: GetHostByName($REMOTE_ADDR) vs. $_SERVER['REMOTE_ADDR']. Which is more secure?

**djones** · May 20, 2006, 11:17

It is also worth noting that the IP address provided in $_SERVER['REMOTE_ADDR'] may be that of a proxy server, rather than the client's IP address. If the client is using a proxy then $_SERVER['REMOTE_ADDR'] will be the proxy IP and the actual client IP will be in $_SERVER['HTTP_X_FORWARDED_FOR']. If the client is using multiple proxies then $_SERVER['HTTP_X_FORWARDED_FOR'] will be a list of IP addresses, with the client IP at the end of the list.

**computerbarry** · May 20, 2006, 11:19

lol!! i havnt got a clue, am new to all this, sorry.

but i have a nother question, if u dont mind, lol!

what do the () means these both work so what is the diffrence?

$venue = ($_POST['venue']);
$venue = $_POST['venue'];

thansk agian got everything workin

**sp0om** · May 20, 2006, 11:32

Just like in a mathematical equation, anything in the () are executed first. The () also are used for calling functions and for if/for/while/etc statments.

**computerbarry** · May 20, 2006, 11:35

so what r the benefits then using ()?

and i just com accross the little piece, if it helps:

if the user is sitting behind a proxy server, you can do this;

<?
if ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"] != ""){
$IP = $HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"];
$proxy = $HTTP_SERVER_VARS["REMOTE_ADDR"];
$host = @gethostbyaddr($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]);
}else{
$IP = $HTTP_SERVER_VARS["REMOTE_ADDR"];
$host = @gethostbyaddr($HTTP_SERVER_VARS["REMOTE_ADDR"]);
}
?>

if that makes any sense to you

**sp0om** · May 20, 2006, 11:42

The benefits of ()? Well, usually it simply is a necessity. The benefits of () is that they will make your code work.

Another (more concise) version of that code you posted:

PHP Code:


$ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];

**computerbarry** · May 20, 2006, 11:48

impresive! thanks again for all the info,

just 1 last thing, how do u get your scripts to show up in the colors and that box when posting

**clamcrusher** · May 20, 2006, 11:52

a caution about HTTP_X_FORWARDED_FOR

any of the variables in the $_SERVER array that begin with HTTP_* are derived from the request headers the client browser sends. this means they can fake them quite easily.

if you want to see this in action, make 2 scripts.

server_vars.php.php

PHP Code:


<?php

print_r($_SERVER);

?>

request.php

PHP Code:


<?php

echo "<pre>\n";



$host = 'localhost';

//$host = 'www.example.org';









$fp = fsockopen($host, 80, $errno, $errstr, 30);

if (!$fp) {

   echo "$errstr ($errno)\n";

} else {

   $out = "GET /server_vars.php HTTP/1.1\r\n";

   $out .= "Host: $host\r\n";

   // add some headers that php will put into the _SERVER array for us

   $out .= "X-FORWARDED-FOR: fake x_forwarded_for\r\n";

   $out .= "FORWARDED-FOR: fake forwarded for\r\n";

   $out .= "foo: im am foo\r\n";

   $out .= "Connection: Close\r\n\r\n";



   fwrite($fp, $out);

   while (!feof($fp)) {

       echo fgets($fp, 128);

   }

   fclose($fp);

}

?>

and run request.php and it will show you the output of server_vars.php

**computerbarry** · May 20, 2006, 12:01

thanks but this is going to deep for me..

thanks again every 1 for the input!

**clamcrusher** · May 20, 2006, 12:02

basically im saying, i wouldnt recomend using X_FORWARDED_FOR because it is easily faked.

**computerbarry** · May 20, 2006, 12:07

so what is the most safe?

i just want a bit of code i can use again and agin and get a genuine ip.

what i have now is working, but djones mentioned the proxy server problems as above.

iam using $_SERVER['REMOTE_ADDR'] whats the olturnative?

this is what ive got in my script

$ip_address = $_SERVER['REMOTE_ADDR'] ;

The SitePoint Forums have moved.

User Tag List

Thread: how to store ip address

Thread Tools

Display

how to store ip address

Bookmarks

Bookmarks

Posting Permissions