<body background="image.jpg">
<style>
body{
font-family: Arial, "Times New Roman";
color:black;
}
input[type=text] {
width: 30%;
box-sizing: border-box;
border: 2px solid #ccc;
border-radius: 4px;
font-size: 16px;
background-color: white;
background-position: 5px 5px;
background-repeat: no-repeat;
padding: 12px 20px 12px 40px;
}
.button {
background-color: #4CAF50;
border: none;
color: white;
padding: 15px 32px;
text-align: center;
text-decoration: none;
display: inline-block;
font-size: 16px;
margin: 4px 2px;
cursor: pointer;
}
</style>
<?php
$mysqli = mysqli_connect("localhost", "username", "pass", "dbname");
$ip = $_SERVER['REMOTE_ADDR'];
$result = $mysqli->query("SELECT 'ip' FROM `unbanned` WHERE 'ip'= '$ip'");
if ($mysqli == false)
{
echo 'Not Connected to Server';
}else{
if($result == $ip)
{
echo 'Wow You have permission to enter!';
}
else
{
echo 'I am sorry you dont have permission to view';
}
//FALSE ONE ^^^^
}
?>
PLEASE HELP ME!
rpkamp
January 27, 2019, 10:51am
2
$mysqli->query()
does not return the result directly, it returns a mysqli_result object.
In order to get the information you want you’d do:
$row = $result->fetch_row();
if (null !== $row) {
echo 'Wow you have permission to enter!';
}
You need to check against NULL
because fetch_row
return NULL
when no rows were found. If a row is found the IP in that row must be the same as the IP in the query, because you filtered on that in the WHERE clause of the query.
Also, that query should be prepared to prevent SQL Injection :
$statement = $mysqli->prepare('SELECT ip FROM `unbanned` WHERE ip=?');
$statement->bind_param("s", $ip);
$stmt->bind_result($selectedIp);
$stmt->fetch();
if (null !== $selectedIp) {
echo 'Wow you have permission to enter!';
}
Also, in my opinion, PDO is a lot easier to work with than MySQLi for database interactions.
2 Likes
SamA74
January 27, 2019, 11:01am
3
HaydiKod:
if ($mysqli == false)
I would also add that the condition which checks if the connection was sucessful would be better before the query.
1 Like
Hello Rpkamp,
Thanks for your support,
It didnt worked for me but thanks for your support.
I have another solution for injections so i will not use the prevent SQL injection code but thanks for your all help.
Hello SamA74,
Thanks for your support i added the condition checking before from the query,
Thanks for your support but i couldnt fix the problem.
SamA74
January 27, 2019, 11:38am
6
Can you show the code you tried following the advice?
1 Like
<body background="image.jpg">
<style>
body{
font-family: Arial, "Times New Roman";
color:black;
}
input[type=text] {
width: 30%;
box-sizing: border-box;
border: 2px solid #ccc;
border-radius: 4px;
font-size: 16px;
background-color: white;
background-position: 5px 5px;
background-repeat: no-repeat;
padding: 12px 20px 12px 40px;
}
.button {
background-color: #4CAF50;
border: none;
color: white;
padding: 15px 32px;
text-align: center;
text-decoration: none;
display: inline-block;
font-size: 16px;
margin: 4px 2px;
cursor: pointer;
}
</style>
<?php
$mysqli = mysqli_connect("localhost", "user", "password", "db");
if ($mysqli == false)
{
echo 'Not Connected to Server';
}else{
if (null !== $row) {
echo 'Wow you have permission to enter!';
}else
{
echo 'Nope DONT ENTER YOU BOT!';
}
}
$ip = $_SERVER['REMOTE_ADDR'];
$result = $mysqli->query("SELECT 'ip' FROM `unbanned` WHERE 'ip'= '$ip'");
$row = $result->fetch_row();
?>
The code is this. I think i did something very wrong in here.Thanks for your help.
SamA74
January 27, 2019, 11:50am
8
HaydiKod:
if (null !== $row) {
This check needs to come after the query and the fetch.
1 Like
SamA74:
w) {
This che
Oh okay I think i understand it wrong before
Thanks for your help. But it still goes to false
SamA74
January 27, 2019, 12:02pm
10
Are you certain that the IP exists in the table?
1 Like
Yes i am pretty sure i checked it twice.
SamA74
January 27, 2019, 12:05pm
12
Did you check the result of $_SERVER['REMOTE_ADDR']
?
Add this temporarily to see if it is what you expect it to be:-
var_dump($ip); exit;
1 Like
SamA74:
var_dump($ip); exit;
it gives my IP true,
string(14) “MYIPADRESS”
SamA74
January 27, 2019, 12:10pm
14
HaydiKod:
it gives my IP true,
That eliminates one possiblility, so there must still be a problem in the codeyou are trying.
Try it like in the example given by @rpkamp
1 Like
<body background="image.jpg">
<style>
body{
font-family: Arial, "Times New Roman";
color:black;
}
input[type=text] {
width: 30%;
box-sizing: border-box;
border: 2px solid #ccc;
border-radius: 4px;
font-size: 16px;
background-color: white;
background-position: 5px 5px;
background-repeat: no-repeat;
padding: 12px 20px 12px 40px;
}
.button {
background-color: #4CAF50;
border: none;
color: white;
padding: 15px 32px;
text-align: center;
text-decoration: none;
display: inline-block;
font-size: 16px;
margin: 4px 2px;
cursor: pointer;
}
</style>
<?php
$mysqli = mysqli_connect("localhost", "recaptch_securityy", "demirabi1!", "recaptch_security");
if ($mysqli == false)
{
echo 'Not Connected to Server';
}else{
$ip = $_SERVER['REMOTE_ADDR'];
$statement = $mysqli->prepare('SELECT ip FROM `unbanned` WHERE ip=?');
$statement->bind_param("s", $ip);
$stmt->bind_result($selectedIp);
$stmt->fetch();
if (null !== $selectedIp) {
echo 'Wow you have permission to enter!';
}
?>
I added the code that @rpkamp gave but it gived an error at line 54 Syntax Error Unexpected $EOF
Thanks for your help one more time
SamA74
January 27, 2019, 12:18pm
16
It needs one more closing bracket }
at the end to close the else
condition.
1 Like
Oh i forgot it sorry let me try
SamA74
January 27, 2019, 12:21pm
18
You may also want to add the other else
following the if
for the wrong IP.
if (null !== $selectedIp) {
echo 'Wow you have permission to enter!';
}
else
{
echo 'Nope DONT ENTER YOU BOT!';
}
1 Like
Now nothing pops up the screen I added the other case too
rpkamp
January 27, 2019, 2:08pm
21
What is the code you have now?