SitePoint Sponsor

User Tag List

Results 1 to 24 of 24
  1. #1
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    how to store ip address

    hi all

    ive created a form which sends reviews to my database, i want to be able to store the persons ip address in a separate field on the database.

    this is stop abusive material being added and so i can just check the ip and ban them from the site.

    how is this achived? can anybody help?

    or have you got some other technics?

    many thanks!!

  2. #2
    SitePoint Guru
    Join Date
    Jul 2005
    Location
    Orlando
    Posts
    634
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Their IP address is $_SERVER['REMOTE_ADDR']. Store it in the database.

  3. #3
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    how would i store it? what part of my script?

    thanks

  4. #4
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    say i creat a field ip_address

    how will i use $_SERVER['REMOTE_ADDR'] to pass the ip to ip_adress?

    here is sum of my script:

    <?php

    //query, get the values from our form
    $venue = ($_POST['venue']);
    $comment = ($_POST['comment']);
    $review_date = ($_POST['review_date']);


    // now we insert it into the database
    $insert = "INSERT INTO venues (venue, comment, review_date)
    VALUES ('".$_POST['venue']."', '".($_POST['comment'])."',NOW())";
    $add_member = mysql_query($insert) or die(mysql_error());

    ?>

  5. #5
    SitePoint Zealot kobra's Avatar
    Join Date
    Sep 2003
    Location
    Chicago
    Posts
    190
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    just create a field with varchar(15) that would be enough


  6. #6
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks but how would i fit it in to my script above?

    thanks! still learning.

  7. #7
    SitePoint Evangelist sp0om's Avatar
    Join Date
    Feb 2004
    Location
    MN
    Posts
    408
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    $venue = ($_POST['venue']);
    $comment = ($_POST['comment']);
    $review_date = ($_POST['review_date']);
    $ip $_SERVER['REMOTE_ADDR'];

    $insert "INSERT INTO venues (venue, comment, review_date, ip)
    VALUES ('"
    .$_POST['venue']."', '".($_POST['comment'])."',NOW(),$ip)";
    $add_member mysql_query($insert) or die(mysql_error()); 
    The above has not been tested, but should work, assuming you have a field in your table called "ip". I would recommend validating/sanitizing your data before inserting it into your database if you aren't

  8. #8
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks

    but now it says:

    You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '.37.63)' at line 2

    whats wrong here?

    cheers

  9. #9
    SitePoint Zealot kobra's Avatar
    Join Date
    Sep 2003
    Location
    Chicago
    Posts
    190
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Let's say you have database table like this:

    id, venue, comment, ip_address, review_date

    here is the script that will insert the new data in the table
    PHP Code:
    <?php

    //query, get the values from our form
    $venue $_POST['venue'];
    $comment $_POST['comment'];
    $review_date $_POST['review_date'];
    $ip_address $_SERVER['REMOTE_ADDR'] ;


    // now we insert it into the database
    $insert "INSERT INTO venues (venue, comment, ip_address, review_date)
    VALUES ('
    $venue', '$comment', '$ip_address', '$review_date')";

    $add_member mysql_query($insert) or die(mysql_error());

    ?>
    $_SERVER is global variable and you might wanna read some more about it in the php manual here

    I hope that'll help you


  10. #10
    SitePoint Guru themightystephen's Avatar
    Join Date
    Mar 2005
    Location
    England
    Posts
    608
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Have you actually got a 'ip' field in your database?

    If you don't then that's probably why it isn't working.
    Get your heelys now at flywalk.co.uk - But what are heelys?
    Heelys are simply shoes with wheels in the heels!

    Flywalk.co.uk - The UK Heelys Retailer

  11. #11
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ok before i try this

    y have u taken the POST away and the ( )

    again thanks, still learning, trying to get my head around things

  12. #12
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yes i have an ip field already set up

  13. #13
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    got it working!! THANKS!

    just need to no, what is the diffrence between these to:

    VALUES ('$venue', '$comment', '$review_date')";

    VALUES ('".$_POST['venue']."', '".($_POST['comment'])."',NOW())";

    these both work but what is the diffrence, with the $_POST

  14. #14
    SitePoint Evangelist sp0om's Avatar
    Join Date
    Feb 2004
    Location
    MN
    Posts
    408
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The $_POST means that you are getting information that is posted from a form. But you already declared the variables $venue, $comment, and $review date to get the information from the form, so adding the $_POST again when inserting the data is redundant.

    Now I have a question: GetHostByName($REMOTE_ADDR) vs. $_SERVER['REMOTE_ADDR']. Which is more secure?

  15. #15
    SitePoint Addict
    Join Date
    Feb 2004
    Location
    Staffordshire, UK & Florida, USA
    Posts
    314
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It is also worth noting that the IP address provided in $_SERVER['REMOTE_ADDR'] may be that of a proxy server, rather than the client's IP address. If the client is using a proxy then $_SERVER['REMOTE_ADDR'] will be the proxy IP and the actual client IP will be in $_SERVER['HTTP_X_FORWARDED_FOR']. If the client is using multiple proxies then $_SERVER['HTTP_X_FORWARDED_FOR'] will be a list of IP addresses, with the client IP at the end of the list.

  16. #16
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    lol!! i havnt got a clue, am new to all this, sorry.

    but i have a nother question, if u dont mind, lol!

    what do the () means these both work so what is the diffrence?

    $venue = ($_POST['venue']);
    $venue = $_POST['venue'];

    thansk agian got everything workin

  17. #17
    SitePoint Evangelist sp0om's Avatar
    Join Date
    Feb 2004
    Location
    MN
    Posts
    408
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just like in a mathematical equation, anything in the () are executed first. The () also are used for calling functions and for if/for/while/etc statments.

  18. #18
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    so what r the benefits then using ()?

    and i just com accross the little piece, if it helps:

    if the user is sitting behind a proxy server, you can do this;

    <?
    if ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"] != ""){
    $IP = $HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"];
    $proxy = $HTTP_SERVER_VARS["REMOTE_ADDR"];
    $host = @gethostbyaddr($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]);
    }else{
    $IP = $HTTP_SERVER_VARS["REMOTE_ADDR"];
    $host = @gethostbyaddr($HTTP_SERVER_VARS["REMOTE_ADDR"]);
    }
    ?>

    if that makes any sense to you

  19. #19
    SitePoint Evangelist sp0om's Avatar
    Join Date
    Feb 2004
    Location
    MN
    Posts
    408
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The benefits of ()? Well, usually it simply is a necessity. The benefits of () is that they will make your code work.

    Another (more concise) version of that code you posted:

    PHP Code:
    $ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; 

  20. #20
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    impresive! thanks again for all the info,

    just 1 last thing, how do u get your scripts to show up in the colors and that box when posting

  21. #21
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    a caution about HTTP_X_FORWARDED_FOR

    any of the variables in the $_SERVER array that begin with HTTP_* are derived from the request headers the client browser sends. this means they can fake them quite easily.

    if you want to see this in action, make 2 scripts.

    server_vars.php.php
    PHP Code:
    <?php
    print_r
    ($_SERVER);
    ?>
    request.php
    PHP Code:
    <?php
    echo "<pre>\n";

    $host 'localhost';
    //$host = 'www.example.org';




    $fp fsockopen($host80$errno$errstr30);
    if (!
    $fp) {
       echo 
    "$errstr ($errno)\n";
    } else {
       
    $out "GET /server_vars.php HTTP/1.1\r\n";
       
    $out .= "Host: $host\r\n";
       
    // add some headers that php will put into the _SERVER array for us
       
    $out .= "X-FORWARDED-FOR: fake x_forwarded_for\r\n";
       
    $out .= "FORWARDED-FOR: fake forwarded for\r\n";
       
    $out .= "foo: im am foo\r\n";
       
    $out .= "Connection: Close\r\n\r\n";

       
    fwrite($fp$out);
       while (!
    feof($fp)) {
           echo 
    fgets($fp128);
       }
       
    fclose($fp);
    }
    ?>

    and run request.php and it will show you the output of server_vars.php

  22. #22
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks but this is going to deep for me..

    thanks again every 1 for the input!

  23. #23
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    basically im saying, i wouldnt recomend using X_FORWARDED_FOR because it is easily faked.

  24. #24
    SitePoint Wizard
    Join Date
    Dec 2005
    Posts
    1,738
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    so what is the most safe?

    i just want a bit of code i can use again and agin and get a genuine ip.

    what i have now is working, but djones mentioned the proxy server problems as above.

    iam using $_SERVER['REMOTE_ADDR'] whats the olturnative?

    this is what ive got in my script

    $ip_address = $_SERVER['REMOTE_ADDR'] ;


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •