If statement always false?

PHP
1 
   <body background="image.jpg">
  <style>
      body{
          font-family: Arial, "Times New Roman";
          color:black;
      }
      input[type=text] {
  width: 30%;
  box-sizing: border-box;
  border: 2px solid #ccc;
  border-radius: 4px;
  font-size: 16px;
  background-color: white;
  background-position: 5px 5px; 
  background-repeat: no-repeat;
  padding: 12px 20px 12px 40px;
}
.button {
  background-color: #4CAF50;
  border: none;
  color: white;
  padding: 15px 32px;
  text-align: center;
  text-decoration: none;
  display: inline-block;
  font-size: 16px;
  margin: 4px 2px;
  cursor: pointer;
}

  </style>

<?php


$mysqli = mysqli_connect("localhost", "username", "pass", "dbname");



$ip = $_SERVER['REMOTE_ADDR'];

$result = $mysqli->query("SELECT 'ip' FROM `unbanned` WHERE 'ip'= '$ip'");

if ($mysqli == false)
{
    echo 'Not Connected to Server';
}else{

  
  if($result == $ip)
  {
echo 'Wow You have permission to enter!';
  }
  else
  {
 echo 'I am sorry you dont have permission to view';
  }
//FALSE ONE ^^^^
}


?>

PLEASE HELP ME!

2

$mysqli->query() does not return the result directly, it returns a mysqli_result object.

In order to get the information you want you’d do:

$row = $result->fetch_row();

if (null !== $row) {
    echo 'Wow you have permission to enter!';
}

You need to check against NULL because fetch_row return NULL when no rows were found. If a row is found the IP in that row must be the same as the IP in the query, because you filtered on that in the WHERE clause of the query.

Also, that query should be prepared to prevent SQL Injection:

$statement = $mysqli->prepare('SELECT ip FROM `unbanned` WHERE ip=?');
$statement->bind_param("s", $ip);
$stmt->bind_result($selectedIp);
$stmt->fetch();

if (null !== $selectedIp) {
    echo 'Wow you have permission to enter!';
}

Also, in my opinion, PDO is a lot easier to work with than MySQLi for database interactions.

2 Likes
3

I would also add that the condition which checks if the connection was sucessful would be better before the query.

1 Like
4

Hello Rpkamp,

Thanks for your support,

It didnt worked for me but thanks for your support.

I have another solution for injections so i will not use the prevent SQL injection code but thanks for your all help.

5

Hello SamA74,

Thanks for your support i added the condition checking before from the query,
Thanks for your support but i couldnt fix the problem.

6

Can you show the code you tried following the advice?

1 Like
7 
   <body background="image.jpg">
  <style>
      body{
          font-family: Arial, "Times New Roman";
          color:black;
      }
      input[type=text] {
  width: 30%;
  box-sizing: border-box;
  border: 2px solid #ccc;
  border-radius: 4px;
  font-size: 16px;
  background-color: white;
  background-position: 5px 5px; 
  background-repeat: no-repeat;
  padding: 12px 20px 12px 40px;
}
.button {
  background-color: #4CAF50;
  border: none;
  color: white;
  padding: 15px 32px;
  text-align: center;
  text-decoration: none;
  display: inline-block;
  font-size: 16px;
  margin: 4px 2px;
  cursor: pointer;
}

  </style>

<?php


$mysqli = mysqli_connect("localhost", "user", "password", "db");


if ($mysqli == false)
{
    echo 'Not Connected to Server';
}else{
  



if (null !== $row) {
    echo 'Wow you have permission to enter!';
}else
{
    echo 'Nope DONT ENTER YOU BOT!';
}

}

$ip = $_SERVER['REMOTE_ADDR'];

$result = $mysqli->query("SELECT 'ip' FROM `unbanned` WHERE 'ip'= '$ip'");

$row = $result->fetch_row();

?>

The code is this. I think i did something very wrong in here.Thanks for your help.

8

This check needs to come after the query and the fetch.

1 Like
9

Oh okay :slight_smile: I think i understand it wrong before :smiley:
Thanks for your help. But it still goes to false :frowning:

10

Are you certain that the IP exists in the table?

1 Like
11

Yes i am pretty sure i checked it twice.

12

Did you check the result of $_SERVER['REMOTE_ADDR']?

Add this temporarily to see if it is what you expect it to be:-

var_dump($ip); exit;
1 Like
13

it gives my IP true,
string(14) “MYIPADRESS”

14

That eliminates one possiblility, so there must still be a problem in the codeyou are trying.
Try it like in the example given by @rpkamp

1 Like
15 
   <body background="image.jpg">
  <style>
      body{
          font-family: Arial, "Times New Roman";
          color:black;
      }
      input[type=text] {
  width: 30%;
  box-sizing: border-box;
  border: 2px solid #ccc;
  border-radius: 4px;
  font-size: 16px;
  background-color: white;
  background-position: 5px 5px; 
  background-repeat: no-repeat;
  padding: 12px 20px 12px 40px;
}
.button {
  background-color: #4CAF50;
  border: none;
  color: white;
  padding: 15px 32px;
  text-align: center;
  text-decoration: none;
  display: inline-block;
  font-size: 16px;
  margin: 4px 2px;
  cursor: pointer;
}

  </style>

<?php


$mysqli = mysqli_connect("localhost", "recaptch_securityy", "demirabi1!", "recaptch_security");


if ($mysqli == false)
{
    echo 'Not Connected to Server';
}else{
  
$ip = $_SERVER['REMOTE_ADDR'];

$statement = $mysqli->prepare('SELECT ip FROM `unbanned` WHERE ip=?');
$statement->bind_param("s", $ip);
$stmt->bind_result($selectedIp);
$stmt->fetch();

if (null !== $selectedIp) {
    echo 'Wow you have permission to enter!';
}
?>

I added the code that @rpkamp gave but it gived an error at line 54 Syntax Error Unexpected $EOF

Thanks for your help one more time :slight_smile: :frowning:

16

It needs one more closing bracket } at the end to close the else condition.

1 Like
17

Oh i forgot it :laughing: sorry let me try

18

You may also want to add the other else following the if for the wrong IP.

if (null !== $selectedIp) {
    echo 'Wow you have permission to enter!';
}
else
{
    echo 'Nope DONT ENTER YOU BOT!';
}
1 Like
19

Now nothing pops up the screen :frowning: I added the other case too

21

What is the code you have now?